Access management

Implementing an effective role management strategy ensures that user access is controlled and managed in the context of job functions (e.g. Branch Manager) or specific access to a service (e.g. One.CBA Editor). Where roles provide privileged access (e.g. Administrator access to a database) or pose a higher risk, additional controls must be applied.

The Sage case study really challenges Doug’s thinking. He asks Jamie about his specific responsibilities when it comes to role management. She describes the key aspects of:

Role profile

The data that provides context or additional information about the role (e.g. role name, role description, role ownership, role risk rating).

Role construct

The core substance of the role (e.g. role type, role classification, role composition, assignment rules, constraints, Segregation of Duties functions, approval workflow, identity lifecycle events, role utilisation).

Roles are living entities that undergo a number of changes over time and must be proactively managed through the role lifecycle (i.e. create, modify, review, retire).