RBAC (Role-Based Access Control) in SailPoint - PowerPoint PPT Presentation

www.infosectrain.com sales_at_infosectrain.com

Identity and Access Management (IAM) is now a critical component of any organization's security policy. IAM helps restrict your organization's exposure and decreases risk by ensuring that only the right personnel access specific systems and data. Role-Based Access Control (RBAC) is a strategy used by many IAM systems to assign rights for who can do what within specific IT roles like applications, based on the organization's structure and the users' roles.

Table of Contents
  • What is RBAC in SailPoint? How Does it Work?
  • Benefits of RBAC for Organizations
  • RBAC Models

What is RBAC in SailPoint? How Does it Work?

A Role-Based Access Control model in SailPoint offers a role-based mechanism. In any organization, an entitlement in SailPoint is not left alone. When anyone joins an organization, they will have a particular job role in that organization. The SailPoint architecture offers two tiers of role-based modeling:
  • Business Roles
  • Mapped IT Roles: entitlements or permissions

In SailPoint, entitlements or permissions serve as the foundation for role modeling. We logically organize entitlements into role models when we link entitlements and encapsulate them inside a role model. Business roles are generic roles that a user can join, such as Manager or Security Analyst. We'll map the IT roles required to execute their jobs inside each of these roles. If a Manager joins an organization, he must access the following applications (app1, app5, app7, app8, and app10). The access is automatically encapsulated if the organization assigns this Manager job role to someone else. As a result, when a new member joins an organization, they are allocated a business role, and whatever access is encapsulated will automatically be assigned to them. These access privileges are given to the user automatically. A business further indicates their entitlements inside each of these applications. For example, if they are given access such as read access or execute access, then by default it goes in birthright provisioning. When you give specific people a business role one by one, all of the encapsulated access will be provisioned automatically. It signifies that businesses have centralized entitlements into a defined job in any organization, indicating that they prefer one-to-many mappings and concentrate on how access is governed. Control Association is used to map IT roles within business roles.

Control Association

When we map business roles in a permitted or required manner, any mapped IT roles will be assigned automatically, and anything marked as permitted for a user will allow them to request those roles. In short, RBAC (Role-Based Access Control) enables users to create and enforce restricted access by assigning a set of permissions. Permissions are assigned based on the level of access that specific user profiles need to perform the job. In other words, depending on their job role and tasks, different people in any organization may have different kinds of authorized access.

Benefits of RBAC for Organizations

RBAC has various benefits for organizations:

1. Centralized access: Any business can use RBAC to create centralized access. This means you'll be able to view what roles your end users have been assigned when you log in. Alternatively, you'll be able to see which business roles have been assigned and which IT roles have been detected. This is because IT roles are linked further inside business profiles.
2. Role information: By opening identity cubes, you will receive a 360-degree view of access. It means you have access to the specific job role and also know what can and cannot be done in your organization.
3. Compliance information: Compliance information refers to how well your identities adhere to your enterprise's standards and risk modeling. In SailPoint, you can govern access and define policies in your organization. In SailPoint, RBAC improves compliance with regulations such as HIPAA, SOX, GDPR, etc.
4. Reduce third-party risk: RBAC in SailPoint reduces third-party risk by assigning predetermined roles to external users such as vendors and business partners.
5. Use the least privilege policy: RBAC maintains the least privilege principle by automatically changing access permissions when roles change.

RBAC Models

RBAC has four models:

  • Core RBAC: The core or basic RBAC has three main elements: users, roles, and permissions. This model works on a one-to-many mapping principle, which means that multiple users could have the same job role and that a single user can have various job roles.
  • Hierarchical RBAC: A hierarchy that establishes the relationship of seniority between the various roles is the fourth component of RBAC models. You remove repetitions, such as declaring specific permissions again when roles overlap, by automatically allowing senior roles to obtain junior roles' privileges.
  • Static Separation of Duty (SSD) Relations: A user who is a member of one role cannot be assigned membership to another role with a conflict of interest.
  • Dynamic Separation of Duty (DSD) Relations: DSD controls the rights enabled during a session, since a user may require a different level of access depending on the job executed during that period.
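
The two-tier role model under "Control Association" and the hierarchical and SSD models listed above, sketched as an added example in plain Python (not SailPoint code or its API, and not part of the original presentation). All role, application and entitlement names are constructed, and it assumes required IT roles are provisioned with the business role while permitted ones are granted only on request.

```python
# Constructed sample data: every role, application and entitlement name is illustrative.
IT_ROLES = {
    "it_app1_reader": {"app1:read"},
    "it_app5_approver": {"app5:read", "app5:approve"},
    "it_app7_payments": {"app7:create_payment"},
    "it_app8_audit": {"app8:read_audit_log"},
}
# Assumption: "required" IT roles come with the business role, "permitted" ones only on request.
BUSINESS_ROLES = {
    "Employee": {"inherits": [], "required": ["it_app1_reader"], "permitted": []},
    "Manager": {"inherits": ["Employee"], "required": ["it_app5_approver"],
                "permitted": ["it_app7_payments"]},
    "Security Analyst": {"inherits": ["Employee"], "required": ["it_app8_audit"],
                         "permitted": []},
}
# Static Separation of Duty: business roles one user may never hold together (constructed).
SSD_CONFLICTS = [frozenset({"Manager", "Security Analyst"})]

def expand(role, seen=None):
    """Hierarchical RBAC: the role plus every junior role it inherits from."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for junior in BUSINESS_ROLES[role]["inherits"]:
            expand(junior, seen)
    return seen

def effective_roles(business_roles):
    return set().union(*(expand(r) for r in business_roles))

def assign(current_roles, new_role):
    """Reject an assignment that would complete an SSD-conflicting pair."""
    proposed = set(current_roles) | {new_role}
    for pair in SSD_CONFLICTS:
        if pair <= effective_roles(proposed):
            raise PermissionError(f"SSD violation: {sorted(pair)}")
    return proposed

def resolve(business_roles, requested=()):
    """Entitlements provisioned: required IT roles plus requested permitted IT roles."""
    roles = effective_roles(business_roles)
    required = {it for r in roles for it in BUSINESS_ROLES[r]["required"]}
    permitted = {it for r in roles for it in BUSINESS_ROLES[r]["permitted"]}
    denied = set(requested) - permitted
    if denied:
        raise PermissionError(f"not permitted for these roles: {sorted(denied)}")
    return set().union(*(IT_ROLES[it] for it in required | set(requested)))
```

A request for an IT role outside the permitted set, or a role assignment that completes a conflicting pair, raises `PermissionError` instead of silently widening access.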





SailPointIQ with InfosecTrain

Using RBAC significantly improves your capacity to manage access, which improves security and compliance and adds efficiency to your IT processes. If you have or are planning an IAM strategy, responsibilities will eliminate repeated chores and manual tasks.

The InfosecTrain SailPoint IdentityIQ-Admin and Developer training course is designed to teach advanced knowledge of the IAM solution through a broad blend of practical and theoretical learning. So, join InfosecTrain to learn about the abilities required to become a professional capable of managing and creating SailPoint solutions for your enterprises.

About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain

Why InfosecTrain
  • Global Learning Partners
  • Access to the recorded sessions
  • Certified and Experienced Instructors
  • Flexible modes of Training
  • Tailor Made Training
  • Post training completion

Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com