how it is implemented in Solar inRights

Requirements for the functionality of IdM solutions are growing in line with expectations and new scenarios for access management in companies. Beyond the basic options, incident investigation capabilities, an informative interface, and faster operation are increasingly in demand. Russian vendors are also strongly influenced by the bar set by foreign suppliers of IGA/IdM solutions and by the growing digital maturity of Russian customers who need systemic access management.

In this article, Maria Konoreva, Leading Analyst, Information Systems Access Management Department, talks about a new feature in Solar inRights that allows you to effectively build a flexible role model and optimize the costs of executing routine requests for assigning access rights.

When building access control processes, the task arises of automating the assignment and change of access rights for employees according to various criteria and rules. For example, access rights can be assigned automatically to various categories of employees upon hiring or transfer to another department or division.

Previously, the Solar inRights IdM system allowed setting up a role model based only on the user's employment. The mechanism of basic roles based on this feature allows setting up a role model that will cover the needs for distributing access based on positions and departments of the organizational structure.

For example, assign all senior accounting specialists a role that allows them to view documents and directories in the accounting system, or grant all database administrators the business role of “IT Administrator”, and so on.

But when the requirements become more complex and the role model is built not only on the fact of employment but also on other attributes (for example, the type of employee or their affiliation with a product or project), or when exceptions to the rules are added, this mechanism no longer works.

That's why Solar inRights introduced a new concept called “Dynamic Policies” or, otherwise, “Role Assignment Policies”.

Fig. 1. Solar inRights Basic Roles

Role assignment policies are rules by which users are automatically assigned certain roles based on their attributes or the attributes of their employment. Given that Solar inRights allows you to enter a large number of attributes and expand their list if necessary, policies open up wide possibilities for customizing the process of automatically issuing access rights to employees.

Fig. 2. Role assignment policies

Dynamic policies in inRights replace basic roles and expand their capabilities. Unlike basic roles, dynamic policies can be based not only on the company, department, or position of the employee, but also on other attributes – for example, the type of employee (full-time or part-time), personnel status, manager, project, and other attributes of the user and his employment known to inRights.

It is also possible to create complex policies that will take into account several user attributes and solve various company tasks in terms of automatic role assignment. At the same time, the setup mechanism itself is simple, and an employee without special technical skills can handle it.

Fig. 3. New role assignment policy

When creating a policy, the administrator specifies a list of roles that will be assigned according to the policy and a set of conditions – rules, based on which the system will decide which user to assign these roles to. The rules include the object to which the rule will be applied (the user or their employment), an attribute, an operator, and a value.

For individual specific attributes, other additional parameters can be added. The types of attributes that can be used are gradually expanding. First, we added the ability to specify simple text attributes, then attributes that are links.

The list of possible operators allows you to configure rules as exceptions – for example, the policy will apply to all users except users from department “A” or to everyone whose name is not “Ivan”.

Policies can be created, modified, and enabled or disabled as needed. Disabled policies will not be applied until they are re-enabled. This means you can first configure the entire list of policies, ensure that it is sufficient, and then start the process of applying policies to existing users.

In the policy card, you can see a list of users who have been assigned roles according to this policy, and in the cards of these users, you can see this policy as the basis for assigning a role.
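
The rule structure described above (object, attribute, operator, value), exception operators, disabled policies and the policy recorded as the basis of each role can be modelled in a few lines. This is an added illustration, not Solar inRights code: the operator names `equals` and `not_equals`, the attribute names, and the sample policies are hypothetical. It also assumes that all rules of a policy must match and that a missing attribute never matches.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    target: str      # "user" or "employment": the object the rule applies to
    attribute: str
    operator: str    # hypothetical names: "equals" / "not_equals"
    value: str

@dataclass(frozen=True)
class Policy:
    name: str
    roles: tuple
    rules: tuple
    enabled: bool = True

def rule_matches(rule, user):
    # Collect the attribute from the user or from each of the user's employments.
    objects = [user] if rule.target == "user" else user.get("employments", [])
    values = [o[rule.attribute] for o in objects if o.get(rule.attribute) is not None]
    if not values:
        # Fail closed: incomplete HR data must not satisfy an exception rule.
        return False
    if rule.operator == "equals":
        return any(v == rule.value for v in values)
    if rule.operator == "not_equals":
        # "Everyone except X": no employment may carry the excluded value.
        return all(v != rule.value for v in values)
    raise ValueError(f"unknown operator: {rule.operator}")

def assign_roles(user, policies):
    """Return {role: [policy names]} so each grant records its basis."""
    granted = {}
    for policy in policies:
        # Disabled policies are skipped; assumption: all rules must match (AND).
        if policy.enabled and all(rule_matches(r, user) for r in policy.rules):
            for role in policy.roles:
                granted.setdefault(role, []).append(policy.name)
    return granted

# Constructed sample policies, not taken from a real deployment.
POLICIES = [
    Policy("all-but-dept-A", ("Portal User",),
           (Rule("employment", "department", "not_equals", "A"),)),
    Policy("dba-admins", ("IT Administrator",),
           (Rule("employment", "position", "equals", "Database Administrator"),
            Rule("user", "employee_type", "equals", "full-time"))),
    Policy("draft", ("Auditor",), (Rule("user", "name", "not_equals", "Ivan"),), enabled=False),
]
```

How a negated operator treats a missing attribute or a user with several employments is the part of such a rule set worth reviewing before enabling it, because that is where an exception rule can grant more than intended.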

Fig. 4. Users assigned roles according to policy

Fig. 5. Roles assigned to the user

Conclusions:

The main advantages of the Solar inRights IdM system:

1. Flexibility and adaptability. Policies allow you to customize the role model in accordance with the needs of the organization, taking into account various attributes of users and their employment. This makes it possible to more accurately and effectively manage employee access to the company's information resources.

2. Easier access management. Automatic policy-based role assignment frees administrators from having to manually configure access rights for each employee. This reduces the likelihood of errors and speeds up the process of granting access to new employees.

3. Increased data security. Dynamic policies allow you to provide access to confidential information only to those users who really need it. This helps prevent unauthorized access and protect data from internal and external threats.

4. Easy to set up and use. Solar inRights interface allows you to easily create, edit and enable/disable policies. This makes the process of setting up a role model accessible even to specialists without special technical skills.
