|Skip Navigation Links|
|Exit Print View|
|Oracle Identity Analytics Business Administrator's Guide 11g Release 1|
This module analyzes legacy roles in order to define, re-evaluate, and refine the content of these roles. Entitlements Discovery can also be used for role consolidation if you need to include more applications in the role entitlement mix.
Once roles have been defined for critical applications, you might not want to add new roles or change the makeup of a role, but instead introduce a larger domain of application entitlements in those roles. In this case, select the relevant attributes of the new application as minable only and run Entitlements Discovery on the existing roles.
The Role Entitlements Discovery process can also be applied to top-down roles that are already defined in the organization in order to expedite the hybrid, best-practice role definition process.
Log in to Oracle Identity Analytics.
Choose Role Management > Entitlements Discovery.
The Choose Attribute Type Strategy page opens.
Select Evaluate Minable attributes and click Next.
Select the desired role from the Available Roles panel on the left.
The Available Users panel on the right displays the users that belong to that role.
Select one or more users.
Do one of the following:
Click the Display drop-down menu at the bottom of the panel to view more users on the page.
Select Page at the top of the panel to select all the users on the current page, or select clear Page to deselect the users on the current page.
Select All to select all users across all pages, or clear All to deselect all users.
On the left side of the screen, select a Role and click View Details.
Select a cut-off percentage for each policy and click Save Policies.
The cut-off slider at the bottom of the page can be set to a percentage so that only the users that have an equal or higher similarity-percentage will appear in the result.
Choose Identity Warehouse > Policies to view the time-stamped policies.
The access (attributes) related to these policies can be evaluated and added or removed as required. Policies, once renamed and finalized, can be re-associated to the original role.
Note - Before changing policies (or the associated access attributes), consult with the business owner or role owner.