About Us

What We Believe

• 1. Functional roles
• 2. Automation of the assignment of entitlements
• 3. Exception Based workflow management of entitlements
• 4. Transparency of the assignment of entitlements

Functional Roles

When designing application access controls, application developers and integrators should view an application as a component of an enterprise to be administered centrally, rather than as an isolated silo of functionality.

The inventory of application roles should be created with the business processes to be enabled in mind. In general, application roles should have little or no overlap in functionality and represent the authority to perform discreet business functions or operations rather than a complete job. The less that application roles overlap each other, the more scalable is their use in administration of access for enterprise users, for whom separation of duties issues and regulatory compliance conflicts must be managed. An application role should not represent a complete job or position in an enterprise, but rather can be combined with other discreet application roles from the same or different applications to enable the performance of a job.

Automation of the assignment of entitlements

We believe that though it is usually not feasible to completely automate the assignment of entitlements for everything, the closer you can get to complete automation the more benefits you will realize.

Individuals are not assigned a specific set of entitlements in an application because of who they are but rather what they do in an organization. Entitlements are not assigned on a whim. Entitlement assignments are determined from the functional requirements for a person to do their job in an organization. A large portion of the entitlements and context or scope for the entitlements can be discerned by the position or job that a person has in the organization and the part of the organization in which the person works. The physical location of the person may also play a part. These are the considerations when creating the rules that determine the set of entitlements that will be automatically assigned to an individual.

Exception Based workflow management of entitlements

We believe that exceptions should truly be exceptions. Too many organizations allow exceptions to be the rule. You cannot achieve your goals if every user requires an exception; that’s just poor planning.

Strategies should be in place for the following:

• Self Service Exceptions: This is the assignment of individual entitlements to a specific individual – ideally minimal.
• Separation of Duty Exceptions: There are some entitlements that should not be assigned to an individual if they are assigned some other specific entitlements.
• Business Continuity: When a person is transitioning from one position to another in an organization it is often helpful to let them keep their old entitlements for a specified amount of time. There are times when a person is on temporary assignment or replacing another person in their position temporarily. They may need a completely different set of entitlements during this time.

Transparency of the assignment of entitlements

We believe that transparency is important.

By using functional roles that are largely assigned through rules there is transparency for individuals access capabilities that helps with compliance and understanding who can do what in an organization.

Copyright ©2007 Autheus Inc. All Rights Reserved. -- Contact: 713.263.9927 or info@autheus.com