Eurekify


Overview
Sage Discovery is the ultimate tool for Identity Management projects, and for projects that aim to implement and manage role-based security in mainframes, enterprise directories, ERP systems, and other major platforms and applications. Sage Discovery uses Sage's patented pattern recognition technology to analyze existing privileges data and identify typical patterns. These patterns can then serve to define role-based access control and role-based management policies. Sage Discovery uses the same technology to review existing role definitions and user group memberships to identify exceptions and deviations, and to refine and optimize role definitions. Sage is a non-destructive off-line analysis tool that is applied to privileges data that is imported from one or more relevant platforms and applications. New role definitions and other results of the analysis can be applied directly to the target platform, reported for manual administration, or stored in an independent repository. Sage runs on a Windows-based personal station.
Where and When to Use
- Identity Management Projects. Role-based management is critical for automated provisioning, and indeed for achieving much of the ROI of IdM projects. Sage Discovery is the only effective tool for recognizing and defining roles in a large enterprise.
  - A preliminary role engineering effort uncovers and sheds significant light on the organization's true IdM and provisioning needs, and should therefore be performed as the first step in the organization's IdM roadmap.
  - Full Role Engineering should be done as soon as platforms and applications are loaded onto the new IdM platform.

  Review some of the benefits in Sage Solutions for Identity Management Projects.
- Implementation of role-based management on a mainframe, enterprise directory, ERP, or any other application. Role-based management is critical for achieving manageability, security, compliance, and level of service.
Sage Discovery Functions
- Bottom-up discovery of common privileges patterns and their aggregation as RBAC role definitions ("reverse engineering")
- Top-down definition of RBAC roles, and matching/refinement to actual privileges
- Modeled-after role definitions, based on the privileges of a few exemplary users
- Quick identification and definition of templated role definitions
- Quick identification of role definitions and privileges that are populated by "similar" users
- Extension of role definitions that already exist on some platforms to the rest of the enterprise
- Streamlining role definitions to include "almost matching" users and privileges
- Identification of exceptions and deviations in role definitions, and removal of excessive users and privileges
- Identification of redundant and ad-hoc privileges
Environments
- Identity Management platforms of virtually all vendors
- Mainframe, e.g., RACF, TSS
- Enterprise Directory, e.g., Active Directory
- ERP systems, e.g., SAP