Skip Navigation Links | |
Exit Print View | |
Oracle Identity Analytics Business Administrator's Guide 11g Release 1 |
1. Oracle Identity Analytics Identity Warehouse
2. Oracle Identity Analytics Importing
3. Oracle Identity Analytics ETL Process
4. Oracle Identity Analytics Data Correlation
5. Oracle Identity Analytics Role Engineering and Management
Setting Role Mining Attributes
Using the Role Mining Wizard Display Controls
Using the Mining Criteria Page
Using the Role Engineering Data Preview Page
Running or Scheduling a Role Mining Task
To Run or Schedule a Saved Role Mining Task
Validating and Saving Role Mining Results
To Validate and Adjust Role Discovery Results
Using the Role Mining Results Page
Using the Mining Statistics Tab
Using the Classification Rules Tab
Performing Entitlements Discovery
To Perform Entitlements Discovery
Creating and Using Role Provisioning Rules
To Approve/Reject Role Provisioning Rules
To Deactivate or Decommission Rules
To Preview Role Provisioning Rules Job
To Run Role Provisioning Rules Job
6. Oracle Identity Analytics Workflows
7. Oracle Identity Analytics Identity Certifications
8. Oracle Identity Analytics Identity Audit
9. Oracle Identity Analytics Reports
10. Oracle Identity Analytics Scheduling
11. Oracle Identity Analytics Configuration
Role Mining, Entitlements Discovery, and Role Consolidation are modules that can be used to populate the Identity Warehouse with the right combination of users and roles. The process of populating the Identity Warehouse with roles has roughly three phases: role definition, role refinement, and role verification.
During the role definition phase you should use the role mining module to populate the Identity Warehouse with roles. To refine your roles, use the Entitlements Discovery and Role Consolidation modules. Also use the Role Consolidation module to verify that your roles are clean and complete.
The role mining process discovers relationships between users based on similar access permissions that can logically be grouped to form a role. Role engineers can specify the applications and attributes that will return the best mining results. Role mining is also called role discovery.
Oracle Identity Analytics supports three approaches to role mining: a top-down approach, a bottom-up approach, and a hybrid approach.
In the top-down approach, Oracle Identity Analytics creates roles by analyzing users' job functions and HR attributes. (For example, geographical location and manager are typical HR attributes.) In the bottoms-up approach, Oracle Identity Analytics creates roles by analyzing users' account permissions. In the hybrid approach, the top-down approach and the bottom-up approach are combined. The hybrid approach is recommended.
Role Consolidation is a feature that prevents the creation of new roles with almost the same membership and entitlements of existing roles, a syndrome known as role explosion.
Role Consolidation tells you how similar two roles are based on the following two criteria:
Role membership
Entitlements
Entitlements Discovery analyzes legacy roles in order to define, re-evaluate, and refine the content of these roles. Role Entitlements Discovery can also be used for role consolidation if you need to include more applications in the role entitlement mix.
Once roles have been defined for critical applications, you might not want to add new roles or change the makeup of a role, but instead introduce a larger domain of application entitlements in those roles. In this case, select the relevant attributes of the new application as minable only and run Role Entitlements Discovery on the existing roles.
The Role Entitlements Discovery process can also be applied to top-down roles that are already defined in the organization in order to expedite the hybrid, best-practice role definition process.