Anonymous Testimony 822-701-225, 2019
- David Doret
Pseudonym | Anon 822-701-225 |
|---|---|
Year | 2019 |
Testimony | When I took over the management of IAM at [organization], I was glad to see two team members working on an RBAC project. They were working on it for 18 months. I started monitoring progress and they spontaneously suggested a KPI based on the number of business functions where RBAC was implemented versus those where it wasn't. Progress was steadily progressing. At some point, they proudly announced me that they had reached 60% of the organizational scope. But quickly, I received cues that the quality of the RBAC implementation wasn't up to expectations. I zoomed in and digged into the operational details of the project implementation. It was a complete mess! The list of business functions had not been updated since the project start, even though important reorganizations took place making the original list of business functions partly invalid. Some business roles declared on the IAM platform did not contain any user. Others did not contain any entitlement. Documentation was inexistent. And the team had decided to stick to the original list of business functions from HR and use it only at such a high level of the organization chart where RBAC had no value at all. I don't know what they really spent their time doing but their work had been useless and detrimental to the organization. I was furious to discover how incompetent they were and how they had wasted the organization's resources during so long. I was shocked because I couldn't believe that this disaster lasted so long without anyone finding this out and doing something about it. I quickly restructured the team from a blank sheet of paper, coached the new team, set quality standards and used new performance measures. The one that proved extremely useful was the ratio of access permissions inherited from roles over the total number of access permissions. My first analysis revealed it was below 5%. Do you imagine? It was reported that RBAC had been implemented on 60% of the scope and the truth was that less that 5% of access permissions were inherited from roles. The good news is that from there on, with the new team and this new indicator, progresses were stable and the project eventually became a success. |
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
