Best Practices: Enterprise Role Management

Enterprise role management plays a central role in efficiently managing access rights and enforcing access policies such as segregation of duties (SoD). The processes and tools related to role management consist of role mining and design, recertification, and access recertification. Forrester's IT end user interviews revealed that successful organizations implement and maintain enterprise roles by: 1) establishing a closed-loop process that covers all strategy, people, process, and technology aspects of role management; 2) leveraging existing access information and repositories for role definitions; and 3) targeting simple areas that yield high return, such as where there is high employee turnover or where the workforce performs common and repetitive tasks requiring access to a limited number of applications and application features. Next practices include: 1) feeding access log information to the role management system to ensure that role definitions remain up-to-date and reflect how applications are being used; 2) using entitlement management solutions to enforce fine-grained access policies tied to enterprise roles; and 3) extending role definitions to identify federation partners.