go:Roles is a tool for the initial permissions analysis when introducing an IAM system. go:Roles can be used for modeling roles and continuously updating them in ongoing IAM operations.
- Designing a role model
- Role mining
- Role definition
- Role changes
- Validation of roles
- Role maintenance
The solution supports segregation of duties (SoD) and analysis of permissions.
go:Roles includes all the same functions as go:Roles Analysis Edition.
Typical Use Cases for Identity Management
Pushing the boundaries of the traditional approach
A major pharmacy retail chain found that the current IAG solution was reaching its limits when it came to defining, implementing and maintaining role concepts.
Solution:We made role management quick and easy
go:Roles simplified and shortened the time it took to define complex roles as well as maintenance cycles. go:Roles integrated seamlessly into the existing identity governance solutions to provide ongoing role maintenance.
Old and outdated SAP permissions?
A German financial institution with old and outdated permissions structures in SAP and Microsoft infrastructures only narrowly passed a BaFin audit.
Role mining is less complex than you think
go:Roles analyzed the permissions and immediately proposed new role definitions in the context of users and the organization. go:Roles has solved the issue identified during the BaFin audit.
An insurance company was going through a corporate restructuring. The identity & access solution in place could not guarantee the correct entitlement assignments.
React methodically to changes
go:Roles revised the business role models and seamlessly integrated with the new structure. Ongoing maintenance of roles and entitlements is now managed successfully with go:Roles.
What is go:Roles?
Who is assigned which permissions? Why? Most organisations still assign them without a methodical, easy-to-manage process. Even the assignment of permissions in most identity and access governance solutions is defined based on “soft” factors.
The introduction of a role-based access concept needs to be carefully planned and implemented, since it can affect the entire company. However, existing permissions are often only superficially transformed, or transformed with a great deal of time and effort, into roles. The question is, how can standard access management processes be automated cost-effectively and without intense effort?
go:Roles is a comprehensive tool for designing, controlling and maintaining business role models that works in conjunction with any Identity and Access Governance (IAG) solution.
Support during data gathering of organisation, identities, target system accounts and permission
Role modeling, based on intelligent role mining
Initial load of an IAG solution (the initial actual status of target systems)
Continuous maintenance of the complete role model
Adoption of organisational or IT infrastructure changes
Clear layout and performant display of relationships between the organisation, employees, roles and permissions
Convenient filtering of relevant information
Bulk operations for multiple roles
Visualisation of role differences
Cross-system search function
Task-oriented access management
List dialogues allow precise selections
“You can only optimise what you know.”
Do you want to know:
- Who can access which data?
- Which permissions for directories do not correspond to the administration guidelines?
- Which accounts exist, and whether the saved data is correct?
These and other questions are answered and illustrated in go:Roles Analysis Edition, the tool for account data and permissions analysis, including file system permissions.
go:Roles Analysis Edition is the reduced-price version of the comprehensive solution go:Roles, which focuses on the analysis functions.
Filesystem/ACL analysis: “Who has what?”
This analysis provides information about who has access to which data and directories, and via what path, or conversely, which files/directories someone can access in what way.
Guideline violations, e.g. non-rule-compliant names (e.g. “read” groups with write permissions) are uncovered, along with direct references to users and references to unknown users and owners.
Various permission paths are also shown in order to ensure that permissions are ultimately removed.
Analyzing and revising permissions structures
go:Roles Analysis Edition delivers prefabricated evaluations for analysis and adjustment. It offers a clear picture of group structures, including interlocking and nested groups.
Groups that are not needed (empty), as well as orphaned groups and dangerous circular references, are identified. That means strategies for action can be developed, redundancies eliminated and double permissions pathways avoided.
go:Roles Analysis Edition supports Microsoft’s ADGLP methodology. The advantage is that it creates clean, unambiguous permissions structures that provide a clear overview and eliminate more complex permissions structures.
Analyzing accounts and their data
All available user accounts and their attributes can be displayed, filtered, linked or compared. That provides a transparent data overview that is easier to use than Excel tables.
The data is provided in a relational data structure, so it can be combined to make further analyses significantly easier. You can relate accounts and data from multiple systems to one another, and switch from an account-based perspective to an identity-based perspective.
Furthermore, it is possible to combine various systems. That makes it easier to review the implementation of rules across systems, e.g. comprehensive SoD (segregation-of-duties) conformity, beyond a single system.