Sycorr

Home » Blog » An IAM platform that helps you model ideal access – Permission Assist 6.3

An IAM platform that helps you model ideal access – Permission Assist 6.3

By Dayna Olson on December 31, 2024

Imagine a world where your IAM platform not only understands the intricacies of your application permissions and how they work but also helps you quickly and easily model ideal role-based access across all applications within the role.  With Entitlement Role modeling in Permission Assist version 6.3, this imaginary world is now a reality.

An IAM Platform that Understands Your Application Permissions

In Permission Assist version 6.3, Entitlement Roles understand how permissions are defined within each of your applications. This helps you more quickly and easily define ideal access for each role. For example, let’s say you create an entitlement role for your Tellers. In this role, you assign them to a “Teller” group within your core system. Because Permission Assist knows which permissions are part of that group, it automatically assigns each inherited permission from the group. This doesn’t just make modeling ideal access easier – it also helps you see how changing permissions might affect other permissions.

The Struggle is Over

The days of selecting 100 different permissions, even though they’re inherited from a group, are gone. So is the struggle to figure out which specific permissions belong to a group or which permissions are affected when you enable a particular enlistment. For example, John is a new Loan Officer for First Financial. He needs to be able to process the loan paperwork on the loan origination system. Although the loan origination system is role-based, and internal policies encourage the use of roles to assign permissions, it’s still possible to assign permissions at the user level.

When Jordan, the Provision Engineer, sets up John’s access, he assigns John to the “Loan Officer” group as usual. Then, he goes into John’s account, unknowingly overrides the role, and enables access to process the loan paperwork. Jordan didn’t realize he broke policy and gave John extra permissions. He didn’t realize that the permission John needed to process loan paperwork was one of 55 privileges that John already inherited through the “Loan Officer” group. But, Jordan’s not alone. In the world of Identity and Access Management (IAM), this is just one easy example in a sea of constant struggle.

With Entitlement Role modeling, you can be proactive and prescriptive without the struggle. You can see a detailed analysis of an application’s security model and define ideal access with least privilege. Provision Engineers have a template, so they know exactly which privileges someone should get and how they get them. Confusion is gone; life is good, and the mic is officially dropped. Happy New Year!!

Entitlement Roles Detail Page

For more information about additional changes and features within Permission Assist version 6.3, check out the 6.3 release notes.

Share on LinkedIn

About the Author

Dayna Olson

Dayna has a B.S. in Computer Information Science and a B.S. in Technical Writing. With over 7 years in banking related industries and over 15 years of experience as a technical writer, she knows a thing or two, but she enjoys working with clients more than anything. Helping solve client issues and creating excellent experiences is her specialty.

Related Articles:

Permission Assist: The Big 6.0 Release – Two Big New Features

Incremental Provision Engine With 6.0 we unveil the Incremental Provision Engine. This provisioning engine progressively walks you through remediation changes and allows Permission Assist to do some of the work for you. Just decide which actions you want to take, then click Automate and let Permission Assist do the rest! We’ve integrated the Incremental Provisioning…

Secured By miniOrange