Oracle Identity Analytics Business Administrator's Guide 11g Release 1

Understanding Role Mining, Role Consolidation, and Entitlements Discovery

Role Mining, Entitlements Discovery, and Role Consolidation are modules that can be used to populate the Identity Warehouse with the right combination of users and roles. The process of populating the Identity Warehouse with roles has roughly three phases: role definition, role refinement, and role verification.

During the role definition phase, you should use the Role Mining module to populate the Identity Warehouse with roles. To refine your roles, use the Entitlements Discovery and Role Consolidation modules. Also use the Role Consolidation module to verify that your roles are clean and complete.

Role Mining

The role mining process discovers relationships between users based on similar access permissions that can logically be grouped to form a role. Role engineers can specify the applications and attributes that will return the best mining results. Role mining is also called role discovery.

Oracle Identity Analytics supports three approaches to role mining: a top-down approach, a bottom-up approach, and a hybrid approach.

In the top-down approach, Oracle Identity Analytics creates roles by analyzing users' job functions and HR attributes. (For example, geographical location and manager are typical HR attributes.) In the bottom-up approach, Oracle Identity Analytics creates roles by analyzing users' account permissions. In the hybrid approach, the top-down approach and the bottom-up approach are combined. The hybrid approach is recommended.
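The hybrid approach described above can be sketched as follows. This is an added example, not Oracle Identity Analytics code or its algorithm: the user records are constructed, and the `min_support` threshold, the `mine_roles` and `outliers` function names, and the entitlement naming are assumptions. It goes one step beyond the text by listing the entitlements each user holds outside the mined role, which is what a role engineer would review for excess access.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, HR job function, account entitlements).
USERS = [
    ("alice", "AP Clerk", {"erp:invoice.read", "erp:invoice.create", "mail:user"}),
    ("bob",   "AP Clerk", {"erp:invoice.read", "erp:invoice.create", "mail:user",
                           "erp:vendor.admin"}),
    ("carol", "AP Clerk", {"erp:invoice.read", "erp:invoice.create", "mail:user"}),
    ("dave",  "DBA",      {"db:prod.admin", "mail:user"}),
    ("erin",  "DBA",      {"db:prod.admin", "mail:user", "erp:invoice.create"}),
]

def mine_roles(users, min_support=0.75):
    """Hybrid mining: partition users by an HR attribute (top-down), then keep
    the entitlements held by at least min_support of each group (bottom-up).
    min_support is an assumed tuning knob, not a product setting."""
    groups = defaultdict(list)
    for name, job, ents in users:
        groups[job].append((name, ents))
    roles = {}
    for job, members in groups.items():
        counts = Counter(e for _, ents in members for e in ents)
        core = {e for e, n in counts.items() if n / len(members) >= min_support}
        roles[job] = {"members": sorted(n for n, _ in members),
                      "entitlements": core}
    return roles

def outliers(users, roles):
    """Entitlements a user holds beyond the mined role: candidates for review
    (possible excess privilege or a missing second role)."""
    extra = {}
    for name, job, ents in users:
        diff = ents - roles[job]["entitlements"]
        if diff:
            extra[name] = sorted(diff)
    return extra

if __name__ == "__main__":
    mined = mine_roles(USERS)
    for job, role in mined.items():
        print(job, role["members"], sorted(role["entitlements"]))
    print("review:", outliers(USERS, mined))
```

Lowering `min_support` pulls rarely held entitlements into the role, so the threshold trades role coverage against least privilege.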

Role Consolidation

Role Consolidation is a feature that prevents the creation of new roles with almost the same membership and entitlements as existing roles, a syndrome known as role explosion.

Role Consolidation tells you how similar two roles are based on the following two criteria:

Entitlements Discovery

Entitlements Discovery analyzes legacy roles in order to define, re-evaluate, and refine the content of these roles. Role Entitlements Discovery can also be used for role consolidation if you need to include more applications in the role entitlement mix.

Once roles have been defined for critical applications, you might not want to add new roles or change the makeup of a role, but instead introduce a larger domain of application entitlements in those roles. In this case, select the relevant attributes of the new application as minable only and run Role Entitlements Discovery on the existing roles.

The Role Entitlements Discovery process can also be applied to top-down roles that are already defined in the organization in order to expedite the hybrid, best-practice role definition process.