RSA Business Role Manager
Automate The Discovery and Creation of Business Roles to Govern User Access

Overview:

RSA Business Role Manager helps organizations deploy effective role-based access controls, which streamlines access delivery and simplifies compliance. RSA Business Role Manager delivers top-down and bottom-up role discovery, creation, modeling and suggestion. RSA Business Role Manager helps streamline access based on "birthright" entitlements associated with specific functional roles, ensuring, for example, that HR managers receive access to HR systems.

• Comprehensive Role Lifecycle Management - Enables organizaitons to implement a role-based approach to governing user access. Provides collaborative process and automation for role discovery, modeling modification, approval, certification and continuous lifecycle management, which streamlines access delivery and simplifies access compliance.
• Enterprise-Wide Visibility - Roles supports a common lanaguage for access that can be easily understood by business user and IT. The correlation of "who has access vocabulary provides the transparency to support simplified administration and compliance.
• Analytics & Decision Support - Sophisticated role modeling rules and analytics ensure that role management decisions are based on the value a role brings to an organization.
• Provisioning Integration - Role assignments and role entitlement structure changes are automatically synchronized with user provisioning systems, or directly fulfilled with RSA's Via Lifecycle module.

With Business Role Manager, Organizations Can:

• Automate the complete role lifecycle, including discovery, modeling, approval, modification, assignment, certification and on-going management.
• Create collaborative processes that engage key stakeholders in the design, modification, certification and management of roles.
• Design flexible processes for modeling roles top-down, mining roles bottom-up and creating organizational role hierarchies.
• Report and analyze the usage and effectiveness of roles over time.
• Detect and manage out-of-role entitlements to ensure that business policy and compliance objectives are being achieved.
• Integrate with user provisioning systems for role synchronization.

Capability Highlights

Enterprise-Wide Visibility - Business Role Manager automates the collection and correlation of entitlement and role information across all application and data resources to provide enterprise-wide visibility into common access across users.

Business Roles - Business context can be leveraged to define business roles, which provide a layer of abstraction above existing entitilements, technical roles and application roles. This establishes a common laugange for access that can be easily understood by business users. A collaborative process for role design, modification, approval and management ensure participation by key stakeholders from IT and the business in order to capture unique organizational processes, specific attributes and control requirements.

Flexible Role Model - Support for complex role hierarchies and inheritance models accommodates an organization's unique requirements for mapping access relationships between users and their roles. A powerful rules engine provides impact-scenario analysis when designing new roles or modifying existing roles, to ensure that entitlement combinations do not create business policy or compliance violations (e.g. segregation of duties).

Role Certification - When used in conjunction with the RSA Identity Governance module, provides an automated process for role certification, which ensures that roles are maintained appropriately and that role owners or other designated business managers are accountable for reviewing role entitlement structure and membership. Role structure changes that result from a role review are tracked for auditing purposes.

Change Management - User entitlement changes resulting form role assignments can be accomplished through notificaitons to application owners, IT change management systems or user provisioning systems. A closed-loop validation process ensures that changes are completed successfully, or escalated if not. A complete audit trail captures all approvals, escalations and changes.

Role Reporting and Analytics - A comprehensive set of metrics and reports provides the administrative insight and decision support to ensure that roles are effective for an organization, and minimizes role proliferation. Information security and business managers are able to set and monitor key performance indicators for roles, as well as identify and manage out-of-role entitlements. Role quality analysis provides the decision support for role owners ot understand when a role needs to be changed or is no longer useful and should be combined with a similar role or retired.

Business, Technical and Applicaiton Roles - Existing technical or application roles defined within user provisioning, ERP systems and other applications can be imported for analysis, refinement or enhancement. Business context can be used to improve these roles or define new business roles that contain existing roles. User entitlement changes resulting from new or modified role assignments for users are orchestrated across applications, user provisioning systems, and other access change management systems.

Achieving Effective Role-Based Access Goverance - Organizations can easily align access privileges to job reponsibilities, and other business requirements, to ensure that user access is always compliant. Business Role Manager provides an automated, collaborative and continuous approach for discovering, designing, certifying and maintaining roles over their entire lifecycle.