|
|
|
pinSpark Role Management
Role management has become a critical component in addressing
governance, risk management and compliance requirements around
user access to sensitive applications and data. Roles directly
support compliance by aligning access privileges to user job
functions within the organization and by providing business
context to lower-level entitlements and permissions that must be
reviewed by business managers and compliance staff.
|
- Role Mining and Engineering
The
pinSpark system mines data from flat files, directories, and
enterprise databases to collect information on IT resources
and locations, application interdependencies, and employee
information (title, location, relationships to other
employees). It then employees Pinnacle's proprietary role
engineering algorithms to evaluate that data and suggest an
optimal set of user roles for the organization.
|
- Role Exporting
After
roles are created, the role information is exported to a
third-party user provisioning system and/or identity
management system which assigns the roles and associated IT
access rights to specific employees.
|
- Role Editing and Management
The
pinSpark role wizards enable IT administrators to customize
individual roles and perform other management tasks. The
pinSpark identity warehouse collects and stores all of the
identity data used to create the roles, allowing CISOS and
IT administrators to manage it from one central place. The
identity warehouse may be hosted on any RDBMS with JDBC
drivers.
|
- Role Monitoring
The
system automatically monitors and identifies violations in
employee roles and access rights -- such as when an employee
moves into a new job and role with IT access privileges that
conflict with his old IT access rights. Depending on the
severity of the conflict -- low, moderate, or severe -- the
system responds either by sending an email or dashboard
alert to the administrator or by adding a warning to a
weekly or monthly report.
|
|
