Oracle Role Management Business Level

Oracle Role Manager, Carl Terrantroy, Director Market Initiatives ANZ

Upload: carl-terrantroy

Post on 11-Apr-2015


DESCRIPTION

Why role management can be a benefit to existing IDM installations. Presented by Carl Terrantroy

TRANSCRIPT

Page 1: Oracle Role Management Business Level

Oracle Role Manager

Carl Terrantroy, Director Market Initiatives ANZ

Page 2: Oracle Role Management Business Level

Roles In The Real World

[Diagram: organizations and persons linked by typed relationships]

Organizations: Org=Corporate, Org=Finance, Org=APAC, Org=Sales, Org=Marketing, Org=EMEA, Org=Americas

Relationship types: Part Of, Reports Into, Matrix Into, Job Sharing, Head Of, Pays For

Persons: Ps=John, Ps=AR Clerk, Ps=Jane, Ps=Ian, Ps=Raj, Ps=Clark, Ps=Wang, Ps=Irene, Ps=Kelly, Ps=Amit, Ps=Vladimir

Page 3: Oracle Role Management Business Level

Challenges With HR & LDAP

• Functional roles usually do not match org. hierarchy
• Contractor management is complex
• Limited out-of-the-box integration

Page 4: Oracle Role Management Business Level

Agenda

• Why Role Manager
• IDM Integration
• Role Concepts

Page 5: Oracle Role Management Business Level

The Evolution of Identity Management
Then We Added Provisioning Tool …

[Diagram: Applications, User, The IT Dude, The Helpdesk Guy, The Cat Who Makes The Rules, The Boss]

Resolving policies into WHO is not trivial

Rules and policies are constantly changing

But Provisioning Tools Are Not “Business Smart” …

Provisioning helps with self service & administration

Provisioning helps with automation & audit

Page 6: Oracle Role Management Business Level

The Evolution of Identity Management
Enterprise Role Management Completes The Puzzle

[Diagram: Applications, User, The IT Dude, The Helpdesk Guy, The Cat Who Makes The Rules, The Boss]

Provisioning helps with self service & administration

Provisioning helps with automation & audit

Role Management helps define who has to do what

Role Management helps define who should have access to what

Page 7: Oracle Role Management Business Level

[Architecture diagram labels]

Required Bolt-On Components

Provisioning Platform

Open Architecture: Sun, IBM, CA, Novell

• User & Policy Repository: LDAP
• Workflow & Other Meta Data: Database & File
• Transaction & Audit Logs: DB & File
• HR-LDAP Synchronization
• Workflow
• Role Management
• Reporting & Attestation
• SEM Log Correlation
• Messaging Bus

Callouts:

• Store key only; no provisioning history; no reconciliation history
• Custom Integration
• No history or User Profile History Log
• No rogue entitlement detection
• Reporting DB
• Real-time scan reporting
• Manually configured event logging

Page 8: Oracle Role Management Business Level

Logical Architecture

[Diagram components: Role Lifecycle Manager, Polyarchy Manager, Mining Engine, Services, User Interfaces, Role Admin, Mining, Reporting, Auditing, Data Loading, Role Provider, Temporal Engine, Security, Permissions, Views, API]

• Organization Hierarchies
• Cross Hierarchy Relationships
• Life Cycle Management

• Business And IT roles
• Approver Roles
• Privileges
• Role Mappings
• Dynamic Membership Rules
• Membership Rule Simulation
• Sphere of Influence
• Event Driven Role Recalculation

Mining Engine

• Role And Rule Mining
• Role And Rule Export
• Role Clean Up
• Rogue Access Detection
• Role Cleansing For Seg. of Duties

Page 9: Oracle Role Management Business Level

Role & Rule Mining

• Role mining
• Rule mining
• Exports roles and members for ongoing role management

[Diagram: Applications, Mining Engine, Role Management; flows labelled "Accounts, Attributes, Entitlements" and "Recommended Roles & Rules"]

Page 10: Oracle Role Management Business Level

Polyarchy With Relationship Resolution

[Diagram: ORM Polyarchy Engine]

• Ps=John, VP Sales
• Ps=Vladimir, GM, EMEA
• Ps=Amit, GM, APAC
• Ps=Kelly, GM, Americas
• Ps=Jane, Account Manager
• Ps=Ian, Account Manager
• Ps=Raj, Account Manager

Show sales team grouped by geographical business unit hierarchy

Page 11: Oracle Role Management Business Level

Approver Role

• Relationship based roles that capture approval policies
• Role membership resolved in real time for any service

Page 12: Oracle Role Management Business Level

Role Administration

• Centralized enterprise role management
• Support for complex rules
• Ease of use for business users
• Real-time integration

[Diagram layers: System Privileges, IT Roles, Biz Roles]

Page 13: Oracle Role Management Business Level

Business Rules ERM Can Cope With

• Compliance manager is the financial analyst assigned to the division
• Level-up manager is manager’s manager and at least one grade higher
• Risk manager cannot approve his own transactions
• When approver position is empty find the level-up manager within cost center
• In catastrophic events, approver changes from regional general manager to line-of-business manager
• Branch manager delegates must have series 9 – 10 certifications

Page 14: Oracle Role Management Business Level

Role Consolidation through Role Mining

Page 15: Oracle Role Management Business Level

Summary

• Missing link between binary IT systems and adaptable organisation structures
• Copes with loose structures like dotted line reporting
• Extend the capability of your existing IDM investment

Page 16: Oracle Role Management Business Level
