Bottom Up Role Mining
After completing top-down role mining, much of each user’s access will be is delivered and controlled via through Business Roles. The While the top-down model is effective for optimizing optimizes access based on what a person does within an organization. The remaining unoptimized access assigned to users consists of defined organizational roles, some access remains unoptimized. This unoptimized access often includes less structured team or matrix-based access assignments and exceptions. This access can also be optimized using To address these, EmpowerID employs a technique known as bottom up analytical role mining. Bottom Bottom-Up Analytical Role Mining.
Bottom-up role mining is a multi-step process that involves creating, running and analyzing "involving the creation, execution, and analysis of Role Mining Campaigns. " Role Mining Campaigns These campaigns leverage powerful machine learning algorithms to analyze entitlement and user data using powerful machine learning algorithms to produce optimal ", producing optimal candidate roles" containing user combinations of people and entitlements. These are then analyzed and accepted or manipulated to create subsets of combinations. Once candidate roles are accepted, they can be published as standalone Management Roles, mapped to Business Roles and Locations or used to create new Business Roles and Locations.
Role Mining Campaigns
In EmpowerID, Bottom Up role mining is a multi-step process that involves creating, running and analyzing "Role Mining Campaigns." Role Mining Campaigns produce "candidate roles" containing combinations of people and entitlements, which can then be analyzed and accepted or manipulated to create subsets of combinations. Once candidate roles are accepted, they can be published as standalone Management Roles, mapped to Business Roles and Locations or used to create new Business Roles and Locations. From a high level, the processes you need to follow to mine roles is represented by the below image.
...
The above image depicts two Role Mining campaigns. In the first campaign, candidate roles are analyzed and used to create a standalone Management Role as well as a Management Role that is mapped to an existing Business Role and Location. In the second campaign, candidate roles are analyzed and used to create a standalone Management Role a new Business Role and Location. The specific steps involved are as follows:
...
the process of bottom-up role mining can be summarized as follows:
Create and Configure Role Mining Campaigns: You begin by selecting individuals, attributes, and entitlements based on role-based access control (RBAC) groupings. This might include all users in specific Business Roles, Locations, Query-Based Collections
...
, or Group memberships. Compiling
...
these campaigns captures the entitlements and
...
attributes of each
...
user within the specified RBAC grouping and saves that data to the EmpowerID Identity Warehouse.
...
Step 2 — You review the compiled campaign data, optionally slicing that data into subsets and when ready create "runs." Runs, in turn, create candidate roles which contain the users and entitlements you specified in the campaign.
Review Compiled Data and Create Runs: After compiling the campaign data, you can review and, if necessary, segment it into subsets. When ready, you create "runs," which generate candidate roles containing the specified users and entitlements.
Analyze and Publish Candidate Roles: Finally, you analyze the run results. You can discard or publish the candidate roles created
...
The topics in this section take you through each of these steps, showing you how to get started with Role Mining in your environment.
...
during this process.
The image below illustrates two Role Mining campaigns. In the first campaign, candidate roles are analyzed to create a standalone Management Role and a Management Role mapped to an existing Business Role and Location. In the second campaign, candidate roles led to the creation of a standalone management role and a new business role and location.
...
Next Steps
Configure role miningRole Mining
Analyze run resultsRun Results
Publish candidate rolesCandidate Roles