Skip to main content
Products & Solutions

Essentials of Role-Based Access Control

  • by Jerry Aubel

Visualization of role-based access control

If timing is everything, then is now the right time to start your Role-Based Access Control journey? In my last blog, I discussed access certifications and compliance functionality in SecurID Governance and Lifecycle (G&L). Today, we’ll jump into the Business Role Manager module of the G&L solution and discover if the time is right for you to implement a role-based access control model.

By definition, in a role-based access control (RBAC) framework, all access and entitlements are linked to specific roles within the enterprise. Role management is a critical component in addressing governance and compliance requirements for user access to mission-critical applications, data, and IT resources. Roles support compliance by aligning access privileges to user job functions within the organization and by providing business context to lower-level entitlements and permissions, which need to be reviewed by business managers and compliance staff.

That covers who has access to what. But when plays an important factor, too.

So here’s that timing thing again: by involving all stakeholders and starting early in a role-access project, the Business Role Manager enables a diverse line of business and IT personnel to participate in all aspects of the role development, management, and deployment process to whatever degree is required to maintain an effective role-based access management system for the organization.

Why is this important? Decentralization of role management enables the business to delegate role management responsibilities to the individuals in your organization who understand the business requirements of their direct reports and, by extension, their resource access requirements. It charges the leaders with the greatest insights into a given role with determining what’s needed and what isn’t to be successful.

Business Role Manager can be a helpful tool in establishing the principle of least privilege and adopting a zero trust mindset. This can reduce the risk of a breach and reduce the damage a potential attacker could do by providing only the minimal level of access a user requires to perform their job – nothing more, nothing less. An RBAC model can also reduce complexity and simplify the onboarding process by assigning birthright access and entitlements by function, role, or role set, and enable new hires to be productive on day one with a bundle of appropriate access based on their role.

Role Engineering and Role Mining

Role mining is the discovery of relationships between access permissions (entitlements) and a user’s job role. Role engineering tools within Business Role Manager enable you to explicitly define roles or derive roles based on existing user attribute, entitlement attributes, or user-entitlement association criteria.

Business Role Manager lets you engineer roles using several approaches: there’s bottom-up, where roles are derived from common user entitlement associations for a group of users There’s also top-down, in which roles are derived from user entitlement associations related to a business function or organization, or in which managers can simply define the roles they want for the functions or organizations under their control. In addition, you can choose a hybrid approach, where roles are derived using a combination of top-down and bottom-up approaches.

There’s a lot more to learn, so now may be the time to investigate the full power of the Business Role Manager module in SecurID Governance and Lifecycle..

To help understand how well you are managing your overall identity risk – and how Business Role Manager can help – try our IAM Risk Intelligence calculator.