18.5 Analyzing Business Roles

Identity Governance allows you to improve role quality and effectiveness by providing you with various analytical tools. To maintain an effective role model, it is important that organizations are able to understand the quality of the roles that have been implemented. For example, you might create a business role that has all or almost all of the members as another business role. This might indicate that these roles are redundant and are not actually needed. Using role analysis, you can analyze selected business roles, all business roles, or membership expression of existing roles to find:

  • Similarity in memberships and authorizations

  • Effectiveness of the selected business roles based on the percentage of users that hold the role authorizations

  • Members and authorizations in common

  • Members without mandatory authorizations

  • Members without auto-grant authorizations

To analyze business roles:

  1. Log in to Identity Governance as a Customer, Global, or Business Roles Administrator.

  2. Select Policy > Business Roles.

  3. Click Analysis tab.

  4. Select an Analyze option and configure related parameters. For example, when selecting the similarity analysis, you can modify the default similarity threshold. If you specify 60%, the results display business roles that have 60% similarity with any authorization or membership.

    NOTE:You can perform Business role similarity and Common authorizations analysis on published or unpublished business roles, while you can perform Authorization effectiveness, Mandatory authorizations, and Auto-grant authorization analysis only on published business roles. If there are unpublished business roles in the list selected for Authorization effectiveness, Mandatory authorization, and Auto-grant authorization analysis, Identity Governance highlights them and skips them during analysis.

  5. Select Start Analysis.

  6. Click the links in the analysis results for additional information such as comparison tables of memberships and authorizations in Business role similarity analysis, and lists of members in Mandatory authorization.

  7. (Optional) Select Download as CSV to download the results as a CSV file for further analysis.