Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, September 5, 2007

Episode II: On the Role of “Role Mining” in Enterprises …

James McGovern, in a recent post to his “Enterprise Architecture: from Incite comes Insights” blog, makes this comment on a recent post of mine, “On the Role of “Role Mining” in Enterprises”:

“I really hate stealth blog entries that don't talk about why and where role mining activities fail. In fact, I would love it if someone were to blog a comparison of starting with role mining vs starting with entitlements management and let the coins fall where they may”

James, thanks for your input. Actually, I thought I covered the “limitation” point, in the final part of my post:

“… Solutions are already available in the market: however I believe this is still a green field, open to innovation – in particular if we consider this in the overall context of Enterprise Identity Management (by including provisioning, access control policy setting and compliance management).

After all, the effectiveness of “Role Mining” solutions and related techniques can be measured by their capability of extracting a meaningful set of roles, from a business perspective (i.e. meaningful to and comparable with an enterprise organisation) rather than purely from a technical perspective (i.e. a list of “labels” identifying abstract roles) and helping administrators to spot potential anomalies and suggest remediation steps – integrated with state-of-the-art identity management solutions.”

Do you see any additional limitations or cons of “Role Mining”? I’d like to hear your view on this, as you might have additional insights.

I think “role mining” is interesting from an IdM Research perspective, because of its potential and also because of some of its current limitations.

I am not sure what you meant by “… comparison of starting with role mining vs starting with entitlements management”. In my view they are complementary approaches, not really in competition with one another. Both could be used at different stages, depending on the context and need. Do you have a different view? What is your take on this? I am very interested in getting your comments on this.
