Do we need to clean up our mess before using a compliance product such as Sun Java System Role Manager?
By Bert Van Beeck on Jun 19, 2008
To prove compliance with a compliance product, your identity data has to be in a compliant state: it can't have any role/rule-based SoD (segregation of duties) violations, certifications must be completed without outstanding revocations, etc.
Once your data is in order, opening up this quality information to outsiders through provisioning or, ideally, federation could be the next step.
However, growing into a compliant state is a process and not just an action.
By that I mean that a product such as Sun Java System Role & Compliance Manager not only proves the compliant state, but also helps you get there from the early, messy state your data is in.
Using the ability to import external identity data, to create, mine and manage business & IT roles, and to repeat review cycles at role/user and/or application level, the product allows you to clean up your data, ending up with proper roles, properly linked users and entitlements, and a manual, workflow-driven review mechanism that allows your data owners and line managers to review currently assigned entitlements and verify their validity. In case of violations, remediation can be triggered either via e-mail or via external provisioning solutions such as Sun Java System Identity Manager.
Compliance is therefore a constantly running process that ensures the quality of your data becomes optimal, and stays optimal, through a typical set of lifecycle operations on the involved identities.
More information on the product can be found at: http://www.sun.com/software/products/rolemanager