go:Roles - Role Management
Design, Create, Control and Maintain Business Role Models

go:Roles is a tool for the initial permissions analysis when introducing an IAM system. go:Roles can be used for modeling roles and continuously updating them in ongoing IAM operations.

  • Designing a role model
  • Role mining
  • Role definition
  • Role changes
  • Validation of roles
  • Role maintenance

The solution supports segregation of duties (SoD) and analysis of permissions.

go:Roles includes all the same functions as go:Roles Analysis Edition.


Click here for a quick video about go:Roles:

Want to learn more? Schedule a Webcast for go:Roles

Please tell us your e-mail address and your name. We will then contact you to agree on a demo webcast appointment.

Please enter name
Please enter email address Email address not valid

Typical Use Cases for Identity Management


Pushing the boundaries of the traditional approach

A major pharmacy retail chain found that the current IAG solution was reaching its limits when it came to defining, implementing and maintaining role concepts.


We made role management quick and easy

go:Roles simplified and shortened the time it took to define complex roles as well as maintenance cycles. go:Roles integrated seamlessly into the existing identity governance solutions to provide ongoing role maintenance.


Old and outdated SAP permissions?

A German financial institution with old and outdated permissions structures in SAP and Microsoft infrastructures only narrowly passed a BaFin audit.


Role mining is less complex than you think

go:Roles analyzed the permissions and immediately proposed new role definitions in the context of users and the organization. go:Roles has solved the issue identified during the BaFin audit.


Intercept Restructurings

An insurance company was going through a corporate restructuring. The identity & access solution in place could not guarantee the correct entitlement assignments.


React methodically to changes

go:Roles revised the business role models and seamlessly integrated with the new structure. Ongoing maintenance of roles and entitlements is now managed successfully with go:Roles.

What is go:Roles?

Who is assigned which permissions? Why? Most organisations still assign them without a methodical, easy-to-manage process. Even the assignment of permissions in most identity and access governance solutions is defined based on “soft” factors.

The introduction of a role-based access concept needs to be carefully planned and implemented, since it can affect the entire company. However, existing permissions are often only superficially transformed, or transformed with a great deal of time and effort, into roles. The question is, how can standard access management processes be automated cost-effectively and without intense effort?

go:Roles is a comprehensive tool for designing, controlling and maintaining business role models that works in conjunction with any Identity and Access Governance (IAG) solution.

Functional Benefits

  • Support during data gathering of organisation, identities, target system accounts and permission

  • Role modeling, based on intelligent role mining

  • Initial load of an IAG solution (the initial actual status of target systems)

  • Continuous maintenance of the complete role model

  • Adoption of organisational or IT infrastructure changes

Technological Benefits

  • Clear layout and performant display of relationships between the organisation, employees, roles and permissions 

  • Convenient filtering of relevant information

  • Bulk operations for multiple roles

  • Visualisation of role differences

  • Cross-system search function

  • Task-oriented access management

  • List dialogues allow precise selections

go:Roles Analysis Edition
The tool for account data and permissions analysis

“You can only optimise what you know.”

Do you want to know:

  • Who can access which data?
  • Which permissions for directories do not correspond to the administration guidelines?
  • Which accounts exist, and whether the saved data is correct?

These and other questions are answered and illustrated in go:Roles Analysis Edition, the tool for account data and permissions analysis, including file system permissions.

go:Roles Analysis Edition is the reduced-price version of the comprehensive solution go:Roles, which focuses on the analysis functions.

Filesystem/ACL analysis:
“Who has what?”

This analysis provides information about who has access to which data and directories, and via what path, or conversely, which files/directories someone can access in what way.

Guideline violations, e.g. non-rule-compliant names (e.g. “read” groups with write permissions) are uncovered, along with direct references to users and references to unknown users and owners.

Various permission paths are also shown in order to ensure that permissions are ultimately removed. 

Analyzing and revising permissions structures

go:Roles Analysis Edition delivers prefabricated evaluations for analysis and adjustment. It offers a clear picture of group structures, including interlocking and nested groups.

Groups that are not needed (empty), as well as orphaned groups and dangerous circular references, are identified. That means strategies for action can be developed, redundancies eliminated and double permissions pathways avoided. 

go:Roles Analysis Edition supports Microsoft’s ADGLP methodology. The advantage is that it creates clean, unambiguous permissions structures that provide a clear overview and eliminate more complex permissions structures.

Analyzing accounts and their data

All available user accounts and their attributes can be displayed, filtered, linked or compared. That provides a transparent data overview that is easier to use than Excel tables.

The data is provided in a relational data structure, so it can be combined to make further analyses significantly easier. You can relate accounts and data from multiple systems to one another, and switch from an account-based perspective to an identity-based perspective.

Furthermore, it is possible to combine various systems. That makes it easier to review the implementation of rules across systems, e.g. comprehensive SoD (segregation-of-duties) conformity, beyond a single system.

Other products from COGNITUM Software

Managing Identities with go:Identity


The standard-based Identity Management Solution with preconfigured user, access and role management, which meets all legal compliance requirements.



The development platform for quick and easy creation of standardized and highly secure JAVA-based web applications.