Role-Based Access Control Overview
EmpowerID Capabilities: EmpowerID’s Role-Based Identity and Entitlement Management answers the question, “who should have access to which IT resources based on their job function and location, and for how long?” and then enforces the results across all enterprise systems. With EmpowerID's Business Process Management (BPM) platform, organizations visually design business processes as workflows to automate the lifecycle of enterprise identities, roles, and resources. Copyright © 2010. empowerID is a trademark of The Dot Net Factory, LLC. | www.empowerid.com
Security Challenges: “It should be easier to get access to the IT resources I need to work.” “I want to delegate management but not lose control.” “How can we report on who has access to what across all our systems?”
The “Make Like Bob” Problem: Security Based On a Moving Target. [Diagram: a timeline (Day 1, Year 2, Year N) with “New Access Granted” at the later points for Bob, a “Sales Executive”, alongside new hires Jim and Sarah, both “Sales Executive”. Protected resource labels: SharePoint (multiple sites and roles), PO Approver, AD User: CMH OU X, Custom Applications, CRM, LDAP User, Send As, Payroll & Unix User, Full Access, Sales Share, Conference Room 5401.]
The Challenge with an AD Groups-only Approach? [Diagram: a Person (“Who are you?”), John’s User Accounts, Groups and Protected Resources (“What can you access, when, and why?”), marked “No Reportable or Auditable Link”. Labels: Access Granted, SharePoint (multiple sites and roles), PO Approver, Helpdesk Manager, Helpdesk I, Custom Applications, Mailbox, Send As, Full Access, Shared Mailbox, Conference Room 5401.]
Protected Resources: EmpowerID enforces security across systems. EmpowerID is an authorization platform that can be extended to support any type of application and application resource. Protected systems containing resources are called “Resource Systems”. EmpowerID inventories Resource Systems and enforces permissions. [Diagram labels: Custom Application, Windows Servers, SAP, Microsoft SharePoint, Web. Types of Protected Resources: Active Directory Group, Groups, Web Resources, Microsoft Exchange Mailbox.]
Resource Rights and Operations: Rights and EmpowerID Operations
Operations: EmpowerID Operations are specific tasks a user may perform or approve within an EmpowerID workflow or custom application. Granting EmpowerID Operations does not grant the user any capabilities within the native system.
Rights: Rights are native permissions used by the application or operating system which manages security for the resource type in question. Granting these rights enables capabilities for users outside of EmpowerID in that system. Rights are continually monitored and enforced by EmpowerID.
Example: Exchange Mailbox
Example Mailbox Operations:
Decrease Quota
Edit SMTP
Enable OWA
Enable Calendar Auto-Accept
Edit Forwarding
Grant Send As
Grant Send On Behalf
Example Mailbox Rights:
Send As
Send On Behalf
Full Access
Resource Roles: Logical Bundles of Rights and Operations
Columns: Operations, Resource Role Definition, Rights
Decrease Quota
Edit SMTP
None
Recipient Admin I
Decrease Quota
Edit SMTP
Enable OWA
Enable Calendar Auto-Accept

  • 29. None
  • 30. Full Access. Mailbox Supervisor. Resource Roles are convenient bundles of Rights and Operations specific to a type of resource and are used for delegation. Rights are permissions used in an external system that can be managed by EmpowerID. Operations are code-based actions protected by EmpowerID (usually in workflows).
  • 31. Access In EmpowerID: All assignment types result in matching a Person to a Resource Role. [Diagram: a Person is assigned to a Resource Role for the Resource “Mailbox”; rights shown: Send On Behalf, Send As, Full Access.] All permissions management in EmpowerID occurs by some type of assignment that results in a Person being granted a Resource Role for a Resource.
  • 33. Viewer: Distribution Group @ %SpecifyLocation%
  • 40. Membership Manager: Distribution Group @ %SpecifyLocation%
  • 41. Administrator: User Accounts @ %SpecifyLocation%
  • 42. Administrator: Computers @ %SpecifyLocation%
  • 48. Membership Manager: All Employees Group
  • 52. … IT Helpdesk. Management Roles are job or responsibility-based bundles of Resource Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities.
  • 54. Viewer: Distribution Group @ NA Location and below
  • 57. Member: All NA Employees Group
  • 60. Membership Manager: Distribution Group @ NA Location and below
  • 61. Administrator: User Accounts @ NA Location and below
  • 62. Administrator: Computers @ NA Location and below
  • 65. Member: All NA Employees Group
  • 66. Membership Manager: All NA Employees Group
  • 70. … IT Helpdesk (North America). Management Roles are job or responsibility-based bundles of Resource Roles and Resource Type Roles to allow quick and consistent delegation of IT access needed to perform job responsibilities.
  • 71. Management Role Inheritance: Management Roles inherit Resource Roles assigned to their definitions. [Diagram: Management Role Definition “IT Helpdesk” with child Management Roles IT Helpdesk (North America), IT Helpdesk (Asia), IT Helpdesk (Europe).] Management Roles inherit Resource Role assignments from their definition and then include any assignments to the Management Role itself. The inheritance can only be 1 level deep from a definition to a Management Role. Management Roles cannot be children of other Management Roles or have more than 1 parent.
  • 73. Management Role Overview: Management Roles inherit Resource Roles assigned to their definitions. [Diagram: Management Role Definition with IT Helpdesk (North America), IT Helpdesk (Asia), IT Helpdesk (Europe).]
  • 74. Locations: Represent Logical and Actual Directory Hierarchies. [Diagram labels: Physical “Mapped” Trees, Logical Trees, Inheritance of Delegations, Location of a Resource.] EmpowerID supports both Logical and Physical trees within a single Location tree structure. Resources belong to their physical Location implicitly and can be assigned to any number of logical Locations to scope delegation assignments.
  • 75. Resource Role Assignments: Resource Role assignments are “scoped” by resource Location. [Diagram labels: Assignee, Resource Role, Assignment Scope, Delegations, Recipient Admin I, Recipient Admin II, John Smith.] Resource Role assignments are limited or “scoped” by assigning the Resource Role only for Resources in or below a specific EmpowerID Location.
  • 76. Assignees and Scopes: Resource Role Assignees and Scope Options. [Diagram rows (Assignee, Resource Role, Assignment Scope): John Smith, Mailbox Supervisor, Single Resource: Conference Room1; Domain A: “Helpdesk Admins” group, Recipient Admin II, Location showing inheritance; EmpowerID Business Role: Helpdesk Employees in Sydney, Recipient Admin II.] Resource Role Assignments can be made to specific People, to Groups, or to EmpowerID Business Role / Locations. In each case, any Person matching the criteria will receive the delegations specified by the Resource Role for all resources within the scope of the delegation.
  • 77. Polyarchical RBAC: Flexible Business Roles scoped by Location. [Diagram: John Smith with Primary Business Role: Contractor in Sydney and Secondary Business Role: IT Admin in Sydney.] An EmpowerID Person can have any number of dynamically or manually assigned Business Roles, each scoped by Location. The Person will receive the cumulative RBAC assignments and policies directly assigned or via inheritance.
  • 78. RBAC Mapping: Map Physical Directory Locations to Logical Locations. EmpowerID Business Role and Location mappings allow existing physical directory Locations and roles to be mapped to a logical management structure, e.g. multiple AD or LDAP directory containers for “London” can be visually mapped to a single logical EmpowerID “London” Location for unified management and delegation.
  • 79. Resource Entitlements: Role-Based Resource Provisioning and Deprovisioning. EmpowerID Resource Entitlements are policies that automate provisioning, moving, disabling, and deprovisioning resources based upon user Role and Location changes. These automate the initial provisioning of resources when a new Person is created as well as their ongoing management. [Diagram panels: Resource Entitlements for Contractors in New York; Resource Entitlements for Standard Employees in Sydney.]
  • 80. Policy-Based Attribute Values: Role-Based Attribute Assignment. EmpowerID policy-based attribute values are policies that automate the maintenance of any directory values that can be defined by Role and Location. Any attribute value of a Person can be assigned by policy and maintained automatically when Role or Location changes. Attribute values will update connected directories based upon attribute flow rules. [Diagram panels: Policy-Based Attributes for Contractors in New York; Policy-Based Attributes for Standard Employees in Sydney.]
  • 81. A New Breed Of Identity Management: From Code to Visual Process Management. [Diagram labels: EmpowerID WF Process, Traditional Identity Management.]
  • 82. Secure Business Processes Design: Workflow Studio: Visual Process Designer. EmpowerID BPM Studio is a drag and drop design environment for secure process automation. What You See Is What You Get user interface designers generate code-free user interfaces.
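The scoped assignment model from the “Resource Role Assignments” and “Assignees and Scopes” slides can be resolved and audited as in the following added example, which is not EmpowerID code and does not use its API. The location tree, the person “Anna Lee”, the “NY Shared Mailbox” resource and the contents of the Recipient Admin II bundle are constructed assumptions; the explanation list is the reportable link between a Person and a Resource that the groups-only slide says is missing.

```python
from dataclasses import dataclass

# Constructed sample data. Location tree as child -> parent (None marks the root).
LOCATION_PARENT = {"World": None, "Australia": "World", "Sydney": "Australia",
                   "North America": "World", "New York": "North America"}

# Resource Role -> native Rights and workflow Operations.
# The Recipient Admin II bundle contents are assumed for this example.
RESOURCE_ROLES = {
    "Recipient Admin II": {"rights": set(),
                           "operations": {"Decrease Quota", "Edit SMTP", "Enable OWA"}},
    "Mailbox Supervisor": {"rights": {"Full Access"}, "operations": set()},
}

# Resource -> Locations it belongs to (physical plus any logical ones).
RESOURCES = {"Conference Room1": ["Sydney"], "NY Shared Mailbox": ["New York"]}

@dataclass(frozen=True)
class Person:
    name: str
    groups: frozenset = frozenset()
    business_roles: frozenset = frozenset()  # (business role, location) pairs

@dataclass(frozen=True)
class Assignment:
    resource_role: str
    assignee_kind: str  # "person", "group" or "business_role"
    assignee: object    # person name, group name, or (business role, location)
    scope_kind: str     # "resource" (single resource) or "location" (at and below)
    scope: str

# The three assignee/scope combinations shown on the "Assignees and Scopes" slide.
ASSIGNMENTS = [
    Assignment("Mailbox Supervisor", "person", "John Smith", "resource", "Conference Room1"),
    Assignment("Recipient Admin II", "group", "Helpdesk Admins", "location", "Australia"),
    Assignment("Recipient Admin II", "business_role", ("Helpdesk Employee", "Sydney"),
               "location", "Sydney"),
]

JOHN = Person("John Smith")
ANNA = Person("Anna Lee", frozenset({"Helpdesk Admins"}),
              frozenset({("Helpdesk Employee", "Sydney")}))

def at_or_below(location, scope_location):
    """True if location is scope_location or sits anywhere beneath it in the tree."""
    while location is not None:
        if location == scope_location:
            return True
        location = LOCATION_PARENT[location]
    return False

def matches(a, person):
    """Does the person satisfy the assignee criteria of assignment a?"""
    if a.assignee_kind == "person":
        return a.assignee == person.name
    if a.assignee_kind == "group":
        return a.assignee in person.groups
    if a.assignee_kind == "business_role":
        return a.assignee in person.business_roles
    raise ValueError(f"unknown assignee kind: {a.assignee_kind}")  # fail closed

def in_scope(a, resource):
    """Is the resource covered by the assignment's scope?"""
    if a.scope_kind == "resource":
        return a.scope == resource
    # Unknown resources have no Location and therefore fall in no scope.
    return any(at_or_below(loc, a.scope) for loc in RESOURCES.get(resource, []))

def explain_access(person, resource, assignments=ASSIGNMENTS):
    """Every assignment granting access, as (resource role, via, scope) tuples."""
    return [(a.resource_role, f"{a.assignee_kind}:{a.assignee}", f"{a.scope_kind}:{a.scope}")
            for a in assignments if matches(a, person) and in_scope(a, resource)]

def effective_access(person, resource, assignments=ASSIGNMENTS):
    """Cumulative (rights, operations) the person holds on the resource."""
    rights, operations = set(), set()
    for role, _via, _scope in explain_access(person, resource, assignments):
        rights |= RESOURCE_ROLES[role]["rights"]
        operations |= RESOURCE_ROLES[role]["operations"]
    return rights, operations

if __name__ == "__main__":
    for who in (JOHN, ANNA):
        for res in RESOURCES:
            print(who.name, res, effective_access(who, res), explain_access(who, res))
```

An empty explanation list means no assignment links the Person to the Resource, so any right found on the native system in that case is a candidate for review.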