Versions Compared

Old Version 2

changes.mady.by.user David Doret

Saved on

compared with

New Version 3

changes.mady.by.user David Doret

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties

Pseudonym

Anon 822-701-225

Quote

When I took over the management of IAM at [organization], I was glad to see two team members working on an RBAC project. They were working on it for 18 months. I started monitoring progress and they spontaneously suggested a KPI based on the number of business functions where RBAC was implemented versus those where it wasn't. Progress was steadily progressing. At some point, they proudly announced me that they had reached 60% of the organizational scope. But quickly, I received cues that the quality of the RBAC implementation wasn't up to expectations. I zoomed in and digged into the operational details of the project implementation. It was a complete mess! The list of business functions had not been updated since the project start, even though important reorganizations took place making the original list of business functions partly invalid. Some business roles declared on the IAM platform did not contain any user. Others did not contain any entitlement. Documentation was inexistent. And the team had decided to stick to the original list of business functions from HR and use it only at such a high level of the organization chart where RBAC had no value at all. I don't know what they really spent their time doing but their work had been useless and detrimental to the organization. I was furious to discover how incompetent they were and how they had wasted the organization's resources during so long. I was shocked because I couldn't believe that this disasted lasted so long without anyone finding this out and doing something about it. I quickly restructured the team from a blank sheet of paper, coached the new team, set quality standards and used new performance measures. The one that proved extremely useful was the ratio of access permissions inherited from roles over the total number of access permissions. My first analysis revealed it was below 5%. Do you imagine? It was reported that RBAC had been implemented on 60% of the scope and the truth was that less that 5% of access permissions were inherited from roles. The good news is that from there on, with the new team and this new indicator, progresses were stable and the project eventually became a success.

Year

2019

...