Skip to main content

Role mining

Description

Soffid’s role mining feature applies data mining technology to create business profiles based upon current application permissions in order to minimize the number of roles to be managed and maintained with the relevant cost saving.

In this context, Soffid allows the administrator to select different role management strategies:

  • More roles with fewer permissions.
  • Fewer roles with more permissions.
  • Balanced approach.

Screen overview

Custom attributes

Scope

  • Description: a brief description to identify the operation.
  • Groups: This component allows you to add groups to the list. Those groups will be evaluated with the role mining process.
  • Applications: This component allows you to add applications to the list. Those applications will be evaluated with the role mining process.

Parameters

  • User entitlement management cost How much does it cost to assign a role to a user?
  • Role entitlement management cost: How much does it cost to assign a role to a profile?
  • Role management cost: How much does it cost to create a role? 
  • Status:
    • Preparation
    • Scheduled
    • Review
    • Finished

Results

  • Name: name for the new role.
  • Description: a brief description.
  • Actual Users: actual users number.
  • Permission: roles number.
  • Benefit: benefit to be obtained.
  • Cost: current cost.
  • Status:
    • Proposed.
    • Accepted.
    • Rejected.

Reports

  • Permissions per role
  • Users per role
  • Entitlement changes

Actions

Role mining query actions

Query

Allows you to query the role mining process through different search systems, Basic and Advanced.

Add or remove columns

Allows you to show and hide columns in the table. You can also set the order in which the columns will be displayed. The selected columns and order will be saved the next time Soffid displays the page. 

Add new

Allows you to add a new role mining process in the system. You can choose that option on the hamburger menu or by clicking the add button (+). 

Delete

Allows you to remove one or more role mining processes by selecting one or more records and next clicking the button with the subtraction symbol (-). To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

Download CSV file

Allows you to download a CSV file with the basic information of all role mining processes. 

Merge

Allows you to merge two identities when you identify that is necessary.

First of all, you need select two identities. Second, you need to click the hamburger icon and select the merge action. Then Soffid will display a window where you need to select the correct value for each standard and custom parameter. Finally, you need to apply changes to save the updates, or back to cancel that action.

Role mining scope

Save

Allows you to save the scope defined. It will be mandatory to select some groups and information systems before continuing. When the role mining process is created, the default status will be Preparation.

Add Groups

Allows you to add new groups to be evaluated. You need to click the add groups button (+) and search the proper groups, then click the Add group button.

Add Applications

Allows you to add new applications to be evaluated. You need to click the add application button (+) and search the proper groups, then click the Add application button.

Undo

Allows you to quit without applying any changes. 

Next

Allows you to browse to the Parameter step. It will be mandatory to select some groups and information systems before continuing.

Parameters

Start

If you click the start button, Soffid will change the process status to Scheduled.

Undo

Allows you to quit without applying any changes. 

Result

Next

If you click the Next button, Soffid will browse to the Reports tab.

Undo

Allows you to quit without applying any changes. 

Reports

Download

Allows you to download a report with the permissions matrix.

Apply changes

If you click the Apply changes button, Soffid will make the changes in the roles of users and entitlements.

Undo

Allows you to quit without applying any changes.