Courion Tip – Role Mining and Shopping Carts

We use a “shopping cart” analogy to allow the users to request access to systems. We also have a “model after” process, where they can pull up a user’s ID and select whatever accounts that other user has, and then request them. (OF COURSE, that request must then get approved before the accounts are created). 

We already have these processes in place. So, what is the difference between a role and a shopping cart that has already been filled up for you? OR, between modelling your account after a ROLE definition instead of someone else?   We are struggling with that very question, and haven’t been able to come up with a logical objection to using the processes we already have in place. We could “stamp” the request pre-approved, or we could simply send it thru the same approvals process that all requests are currently sent thru (both are viable options). This would allow us minimal development time….

Anyway, we are not there yet, still struggling with it.


Posted August 6, 2010 by mmdmurphy in Courion Tip

Tagged with

%d bloggers like this: