...

EmpowerID’s sophisticated role and relationship modeling allows security architects to model the organization, its structure, and its policies, including segregation of duties policies that prevent undesired combinations of access. Flexible attribute-based (ABAC) or policy-based (PBAC) policies support the centralized real-time decision point for applications that can call the EmpowerID API for authorization decisions. The ABAC/PBAC engine enhances or modifies the powerful RBAC engine's decisions, so ABAC/PBAC policies need to be used only when greater flexibility or contextual information such as risk, location, and MFA type is required. ABAC/PBAC policies are made much more potent by including the pre-calculated access results that the engine derives from complex RBAC policies that account for inheritance and even attribute-based queries.

Defining position-appropriate access for a large organization can be a challenge, and maintaining it even more so. However, without this guideline, IT organizations are forced to resort to costly and inefficient manual processes, making it more challenging to achieve Compliant Access. Defining and efficiently maintaining position-appropriate access is only possible using Role-Based Access Control. Roles are bundles of access that can be assigned to users or linked to an organization’s policies. Roles optimize the delivery of Compliant Access by defining the access needed and appropriate for each type of employee or supplier that must be provisioned across an organization’s on-premise and Cloud systems.

The flexibility and power of an Identity and Access Management solution’s RBAC model can make or break many projects. If the model is poorly designed, no amount of consulting or engineering will lead to a manageable role model, and the RBAC system itself becomes the source of project failure. Rohde & Schwarz has embarked on this project to replace an aging IAM system to overcome these limitations. EmpowerID’s RBAC engine is the most sophisticated and often cited as the most significant single contributor to customer projects' success. For modeling role-based permission policies, EmpowerID offers a 3-tiered RBAC model with a Business Role tier, a Functional Role tier, and a Technical Role tier.

The EmpowerID hybrid RBAC/ABAC/PBAC model was designed to solve these common RBAC challenges:

  • Too Many Roles – “Role Explosion”
  • Roles Not Tied to an Authoritative Source Like SAP HR
  • Lack of Automation for Role Assignments/Revocation
  • Roles and Their Entitlements are Cryptic and Unintelligible to Business Users
  • Minimal Enforcement of Access Expirations and Renewals
  • Lack of a Centralized Policy Model and Authorization Service Across All Systems
  • Not a Future Proof Solution Allowing Bosch to Embrace New Areas Like IoT

The EmpowerID system uses

Role-Based Access Control (RBAC) is a framework designed to allow organizations to more efficiently manage permissions across applications and other protected IT resources.

...

EmpowerID has a three-tiered RBAC model.

...

Business Role: A Business Role is a user-defined hierarchical container for grouping people.

...