If you read my previous blog on entitlements, you might think that it's not a big deal. After all, how much management overhead can there really be for a few groups in Active Directory that represent entitlements? Jackson Shaw from Quest Software quotes a customer in his blog as saying that
We have over 300,000 groups (distribution lists, security groups) scattered across our company. Forget about "managing" them! I'd simply like to know if they are even being used let alone what for!!
Quest's products deal with Active Directory and groups and my entitlement example uses Active Directory and groups (art imitates life!) but there are other ways entitlements and their lifecycle come up as challenges. Consider an instance of Oracle's e-Business Suite (EBS). Do you know how many roles and responsibilities (coarse-grained and fine-grained entitlements) are there across apps/modules in an EBS instance? Go ahead and ask your DBA, I dare you. I've seen an EBS installation with close to 50,000 responsibilities. Oh and then there's RACF and TopSecret, they deserve a blog post of their own.
A Flock of Seagulls (Feeling Entitled)
by Deborah Volk on April 8th, 2009
Posted in Change Management, Identity Management, Access Management Tagged with entitlements, lifecycle, groups
Leave a Comment
Access Management (19)
Ask Identigral (6)
Change Management (10)
Data Quality (4)
Identity Management (27)
Passlogix v-GO (3)
Sun OpenSSO (3)
Sun Role Manager (3)
11g 3rd bday JavaOne SAML academia accuracy active directory adapters administrative agilent ask identigral attestation audit bpel bpmn bpm business case cdi cloud computing connectors contextual search data masking data quality deployment dip entitlements federation gartner groups gtc guests insider threats insider threat java jca jms lifecycle limericks linux mashup mdm messaging migration nabaztag oaam oam oas obiee oc4j oel off-boarding ohs oid oif oim oow09 opensso operations osso ovd owsm passwords patching performance phi privileged accounts provisioning queues reconciliation risk rocks rogue accounts rsa10 semantics siem sim sjsds sod solaris suncle thermodynamics twitter virtual reality vpd waveset webinar whitepapers