...

It depends (a typical expert answer). But 5 may be a good guiding threshold to start with. If you desperately need a number, pick 5, but please read at the very least the conclusion at the bottom of this article.

Full Answer

The economic impact of RBAC

...

Are role management costs identical across organizations?

The cost of roles depends on the organization's processes and its role management IT infrastructure.

Some organizations may have a highly manual and expensive role management process. This should lead one to set the Optimal Minimum Cardinality Requirement higher.

Other organizations may have an efficient and partly automated role management process. This should lead one to set the Optimal Minimum Cardinality Requirement lower.

Are teams and functions of identical sizes across organizations and industries?

The average team or function size within organizations varies. Some industries have vertical organizations while others have horizontal ones.

Conclusion

Considering all these factors, it would be wrong to state that a universal Optimal Minimum Cardinality Requirement exists. But simply answering “it depends” wouldn’t help IAM practitioners either.

Literature Review

...

Conclusion

Thus, I propose the following approach:

  • Make a quick data analysis of your role model.

  • Do you currently suffer from Role Explosion? If small roles are not an issue in your organization, you should consider not setting a Minimum Cardinality Requirement. Instead, keep an eye on the evolution of your role model from time to time.

  • If you do believe you have a problem with small roles, your statistical analysis will give you a sound basis on which to set a Minimum Cardinality Requirement.

  • If you don’t have any data (that can’t be true) and must set an arbitrary number, then choose 5.

  • But please, make it a guideline and train your role engineers to recognize key roles that may be worth creating even though they are below the threshold. Otherwise, your new policy may have an adverse effect on the productivity of your CxO managers.
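
One way to run the quick data analysis from the first step, as an added example that is not part of the original article. It assumes that a role's cardinality is the number of distinct users assigned to it and that assignments can be exported as (user, role) pairs; the sample data and the `KEY_ROLES` allow-list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: one (user, role) pair per assignment row.
ASSIGNMENTS = (
    [(f"u{i}", "employee-base") for i in range(40)]
    + [(f"u{i}", "sales-rep") for i in range(12)]
    + [(f"u{i}", "hr-generalist") for i in range(12, 18)]
    + [(f"u{i}", "payroll-clerk") for i in range(18, 21)]
    + [("u21", "legacy-report-viewer"), ("u22", "legacy-report-viewer")]
    + [("u39", "cfo"), ("u39", "cfo")]  # duplicate row, counted once
)
# Hypothetical allow-list of key roles worth keeping although they are small.
KEY_ROLES = frozenset({"cfo"})


def role_cardinalities(assignments):
    """Return {role: number of distinct users holding it}."""
    members = defaultdict(set)
    for user, role in assignments:
        members[role].add(user)
    return {role: len(users) for role, users in members.items()}


def threshold_report(cards, thresholds, key_roles=frozenset()):
    """Per candidate threshold: roles below it (key roles exempt), their share
    of all roles, and the share of all assignments they carry."""
    total_assignments = sum(cards.values())
    report = {}
    for t in thresholds:
        flagged = sorted(r for r, n in cards.items()
                         if n < t and r not in key_roles)
        report[t] = {
            "flagged": flagged,
            "role_share": len(flagged) / len(cards),
            "assignment_share": sum(cards[r] for r in flagged) / total_assignments,
        }
    return report


if __name__ == "__main__":
    cards = role_cardinalities(ASSIGNMENTS)
    for t, row in threshold_report(cards, (2, 5, 10), KEY_ROLES).items():
        print(f"threshold {t:>2}: {row['role_share']:.0%} of roles, "
              f"{row['assignment_share']:.0%} of assignments -> {row['flagged']}")
```

Comparing the share of roles flagged with the share of assignments they carry shows how much of the role model a given threshold would put under review, and the allow-list keeps the policy a guideline for roles such as a single-holder executive role.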

Bibliography

...