Role-Based User Provisioning

Provisioning new users with access to multiple IT systems is both time-consuming and a potential security risk. Too often, IT provisioning is done in an ad-hoc fashion, resulting in employees gaining access to systems they shouldn't have, or in old accounts never being terminated. This poses both a security risk and a risk to the company's compliance with regulations such as SOX, HIPAA and others.

Role management has become a critical component in creating a consistent and compliant method of IT provisioning. By assigning users roles that define their business functions and IT resource needs, IT departments can not only speed up the provisioning process but also ensure that users are granted access only to the data and systems they need for their current positions.

Roles directly support compliance by aligning access privileges to user job functions within the organization and by providing business context to lower-level entitlements and permissions that must be reviewed by business managers and compliance staff.

Key role management capabilities in pinSpark

Role Mining and Engineering. The pinSpark system mines flat files, directories, and enterprise databases to collect information on IT resources and locations, application interdependencies, and employee data. Pinnacle's proprietary role engineering algorithms suggest an optimal set of user roles for the organization.

Role Exporting. The roles are then exported to a third-party user provisioning system and/or identity management system, which assigns the roles and associated IT access rights to specific employees.

Role Monitoring. The system automatically monitors and identifies violations in employee roles and access rights -- such as when an employee moves into a new job and role with IT access privileges that conflict with his old IT access rights. Depending on the severity of the conflict -- low, moderate, or severe -- the system responds either by sending an email or dashboard alert to the administrator or by adding a warning to a weekly or monthly report.

 

 