A Flock of Seagulls (Feeling Entitled)

by Deborah Volk on April 8th, 2009

If you read my previous blog on entitlements, you might think that it's not a big deal. After all, how much management overhead can there really be for a few groups in Active Directory that represent entitlements? Jackson Shaw from Quest Software quotes a customer in his blog as saying that

We have over 300,000 groups (distribution lists, security groups) scattered across our company. Forget about "managing" them! I'd simply like to know if they are even being used let alone what for!!

Quest's products deal with Active Directory and groups and my entitlement example uses Active Directory and groups (art imitates life!) but there are other ways entitlements and their lifecycle come up as challenges. Consider an instance of Oracle's e-Business Suite (EBS). Do you know how many roles and responsibilities (coarse-grained and fine-grained entitlements) are there across apps/modules in an EBS instance? Go ahead and ask your DBA, I dare you. I've seen an EBS installation with close to 50,000 responsibilities. Oh and then there's RACF and TopSecret, they deserve a blog post of their own.


Posted in Change Management, Identity Management, Access Management    Tagged with entitlements, lifecycle, groups


0 Comments


Leave a Comment
Home
Search

Subscribe

follow on
Topics

(Legacy) Oracle Identity Management (5)
Access Management (19)
Ask Identigral (6)
Business Perspective (7)
Change Management (10)
Data Quality (4)
Directory Services (5)
Enterprise Single Sign-On (2)
Identity Management (27)
Master Data Management (1)
Oracle Access Manager (6)
Oracle Adaptive Access Manager (2)
Oracle Entitlement Server (1)
Oracle Identity Analytics (1)
Oracle Identity Federation (5)
Oracle Identity Management (4)
Oracle Identity Manager (29)
Oracle Internet Directory (6)
Oracle Role Manager (5)
Oracle Virtual Directory (8)
Oracle Web Services Manager (3)
Passlogix v-GO (3)
Sun Directory Server (2)
Sun Identity Manager (6)
Sun OpenSSO (3)
Sun Role Manager (3)
Tags

11g 3rd bday JavaOne SAML academia accuracy active directory adapters administrative agilent ask identigral attestation audit bpel bpmn bpm business case cdi cloud computing connectors contextual search data masking data quality deployment dip entitlements federation gartner groups gtc guests insider threats insider threat java jca jms lifecycle limericks linux mashup mdm messaging migration nabaztag oaam oam oas obiee oc4j oel off-boarding ohs oid oif oim oow09 opensso operations osso ovd owsm passwords patching performance phi privileged accounts provisioning queues reconciliation risk rocks rogue accounts rsa10 semantics siem sim sjsds sod solaris suncle thermodynamics twitter virtual reality vpd waveset webinar whitepapers
Recent Posts

A Hybrid Identity Management (IdM) Migration Approach
Doraemon to the Rescue
Grown Kittens Need a New Home
The Blue Cheese Effect
The Age of Scroogle