Learn more about Clarity Security’s Role Management through the use of the linked documentation.
Glossary of Terms
An Entitlement is a specific functions, policy, resource, or license that is granted by an application. Entitlements are fundamental to identity governance as they clearly define the actions that can be taken by users in an application. Entitlements enable an organization's ability to deploy Role Based Access Control, achieve Compliance, and progress toward Zero Trust.
A Role is a dynamic group of Entitlements that are automatically provisioned when a User or Identity is created. Roles are generated by looking at the commonalities of access within a specific Department, Division, Job Title, or Shared Attribute. Roles can be modified, combined, and created within Clarity and correct the access of all relevant users.
Role Based Access Control
Role Based Access Control (RBAC) is a guiding principle for identity programs. RBAC is generally implemented via the manual creation of Roles and assigning Identities to them. Manual RBAC is susceptible to role creep, resulting in Identities being over or under provisioned. Clarity Security dynamically generates roles based on the cross-section of access shared by Identities with like attributes.
Attribute Based Access Control
Attribute Based Access Control (ABAC) is similar to RBAC in that Role or Groups of Access is used to assign Application access and Entitlement access to Identities. Clarity Security utilizes ABAC in its core platform. This allows organizations the flexibility to dynamically generate Roles based on attributes found throughout the environment, not just Human Resource Platforms. Common implementation examples are Organization Unit in AD, Department in Azure AD, or a group in Okta.
Zero Trust is a framework, architectural principle, guiding principle that mitigates risk through least privilege / least access. Zero Trust extends well beyond knowing who has application, network, and server access. It mandates knowledge and control of all components of an environment from the building down to a single function inside an entitlement on homegrown applications.
Role Creep is when roles grow to include access that does not follow Zero Trust. Role Creep is a common biproduct of manual role creation and management.
Support Contact Information
Call your customer success team.
Open a ticket here - https://claritysecurityhelp.zendesk.com/hc/en-us/requests/new
Call 979-398-5512 – Monday through Friday – 8:00 AM-6:30 PM CST