Enterprise roles and Attribute Based Management
Background – Global Manufacturing Company
A Global Manufacturing company selected Anomalix to build an enterprise wide RBAC and ABAC strategy to solve manual access administration activities related to user turnover. Anomalix was able to establish a baseline of common access across the various job functions with high turnover. By identifying specific granular entitlements that controlled user access within critical applications by job function, Anomalix was able to identify and encapsulate roughly 80% of user access in Job roles.
Our Global Manufacturing client has over 350K users with up to 1,200 Job roles that could have as high as 10% turnover daily representing over 1,000 access related change events across 200 applications. Each application in many cases had it’s own custom entitlement repository that controlled user accounts entitlements.
How We helped
Anomalix worked with the Global Manufacturing client to analyze access across 200 applications. Many of these applications supported core business processes and had compliance implications. By implementing Job roles, coupled with automated fulfillment to key systems such as Active Directory, Oracle Financials, RACF and SAP, our client was able to realize ROI within 18 Months.
- Mined and Defined 1,200 Job Roles using a combinations of attributes.
- Created Birthright Membership Logic for all Job Roles.
- Rogue Access and Out of Role Entitlement Reporting.
- Automated fulfillment for Active Directory, Oracle Financials, RACF and SAP access requests.
- Implemented enterprise business roles, automated birth right access.
- On boarded 200 applications onto a centralized Identity governance platform.
- Improved the end-user access request experience.
- Strengthened the Global Manufacturer’s overall security and audit posture.