Skip to end of banner
Go to start of banner

What is a Optimal Minimum Cardinality Requirement for Roles? (Q&A)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

DRAFT, PLEASE CONTRIBUTE

Question

What is a Optimal Minimum Cardinality Requirement for Roles ?

Short Answer

It depends (a typical expert answer). But 5 may be a good guiding threshold to start with.

Full Answer

The economic impact of RBAC

Role management has a total cost. To estimate this cost, we should considering the full lifecycle of roles, the time spent by role owners and role engineers to plan, model, configure, maintain, and eventually delete roles. We should also estimate the role management IT infrastructure and probably a multitude of other items. Similarly, role-based access management creates value as it increases productivity and strengthens security in the organization. For a detailed economical study of RBAC, cf. Gallaher et al., 2002).

In theory, the optimal minimum cardinality requirement for roles is the threshold that optimizes the economical impact of RBAC, i.e. value - cost.

The cost of minuscule roles

Asking what is the optimal minimum cardinality requirement implies that too small roles may have a negative economical impact, that is to say the productivity and security benefits such roles bring to the organization are lower than the role’s cost.

Obviously, if a role had no member, it would only incur costs. The threshold should thus be greater than 0.

The value of (some) minuscule roles

At first glance, it may appear that a role with only one member has a negative economic impact. Obviously, granting the access permission directly to the user would produce the same result, so why bother create a role and incur additional costs?

But let’s deepen this superficial analysis and consider a key role in the organization: the CFO. The CFO has a set of unique access permissions that are probably highly sensitive. For instance, she may approve important financial transactions. The CFO changes every few year. If her access permissions were granted individually, how would you know which ones where linked to the CFO function? Especially if she cumulates other functions. Finally, when a new CFO is appointed, you certainly want to assure a smooth and efficient transition, something that is facilitated with a role.

Similarly, what is the true for the CFO is probably true for all CxO managers and possibly for other key roles in the organization.

In consequence, roles are not of equal value. While it is certainly true that single member roles may have negative economic impact, it is certainly also true that key functions in the organization deserve a single member role.

Are role management costs identical across organizations?

Are teams and functions of identical sizes across organizations and industries?

...

Literature Review

...

Conclusion

Bibliography

Related Pages

  • No labels

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.