... enterprise role building
In both GRC and IAM, enterprise role building is the critical success factor in all projects. We use the RBAC (Role-Based Access Control) model in our projects. Organizations are not in control because the process between business and IT departments to determine access controls is extremely fuzzy. To enable smooth communication and, subsequently, reliable management processes, the industry introduced roles. Roles in business processes correspond to groups or profiles at IT level, and both are very stable. This resulted in a method to organize authorization management on the basis of roles. The evolving standard combines the method (role based) with the result (access control). RBAC is the method that enables organizations to manage and control the use of IT at the right place. The role based part is covered by enterprise roles or functions (e.g. auditor, production planner, ...). The access control part covers the grouping of all items needed to perform certain functionality (payments, invoice matching, ...) in the target system, also called permissions or tasks.
RBAC ensures we make a clear split between the business responsibilities (RB) and the IT responsibilities (AC).
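The split described above can be sketched as a two-layer data model. This is an added example, not code from the original page: the target-system names (ERP, DWH), the item names, the users, and the accounts_payable_clerk role are constructed for illustration.

```python
"""Two-layer RBAC model: business owns roles (RB), IT owns permissions (AC)."""

# IT layer (AC): each permission groups the items needed for one piece of
# functionality in a target system. System and item names are constructed.
PERMISSIONS = {
    "payments": {("ERP", "PAYMENT_RUN_CREATE"), ("ERP", "PAYMENT_RUN_RELEASE")},
    "invoice_matching": {("ERP", "INVOICE_MATCH"), ("ERP", "PO_DISPLAY")},
    "audit_reporting": {("ERP", "LEDGER_DISPLAY"), ("DWH", "AUDIT_REPORT_READ")},
}

# Business layer (RB): enterprise roles named after functions, built only
# from permissions, never from raw target-system items.
ENTERPRISE_ROLES = {
    "auditor": {"audit_reporting"},
    "accounts_payable_clerk": {"invoice_matching", "payments"},  # constructed role
    "production_planner": {"production_planning"},  # requested, not yet built by IT
}

# Business layer: who holds which enterprise role (constructed users).
ASSIGNMENTS = {"alice": {"auditor"}, "bob": {"accounts_payable_clerk"}}


def unresolved_permissions(roles=ENTERPRISE_ROLES, permissions=PERMISSIONS):
    """Return {role: permissions the business asked for that IT has not defined}."""
    defined = set(permissions)
    gaps = {role: sorted(perms - defined) for role, perms in roles.items()}
    return {role: missing for role, missing in gaps.items() if missing}


def entitlements(user):
    """Resolve user -> enterprise roles -> permissions -> target-system items."""
    items = set()
    for role in ASSIGNMENTS.get(user, ()):
        for perm in ENTERPRISE_ROLES.get(role, ()):
            items |= PERMISSIONS.get(perm, set())
    return items


def is_allowed(user, system, item):
    """Access decision: deny unless a role held by the user grants the item."""
    return (system, item) in entitlements(user)


if __name__ == "__main__":
    print(unresolved_permissions())
    print(sorted(entitlements("alice")))
    print(is_allowed("bob", "ERP", "LEDGER_DISPLAY"))
```

The unresolved_permissions check surfaces the hand-off point between the two sides: a role the business has defined whose permission IT has not yet built grants nothing until the gap is closed.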
