Current State RBAC
The RBAC Analyzer is a unique capability provided by BalkanID that maps the current accesses within an organization to role buckets based on a combination of HRIS data (department, job titles, etc.) and integrated application data (connections, resources, etc.). This analysis produces a blueprint that helps organizations understand their current Role-Based Access Control (RBAC) posture based on real-time data. Through this analysis, BalkanID's heuristics provide insights into how employees, their unique identities, and connections are grouped into BalkanID roles. These system-generated roles are further given unique names to help users identify how and why these groups were created.
The BalkanID Generated Roles do not actually exist in your systems; they are a virtual mapping of how your existing connections, resources and permissions can be grouped. You should be able to use the BalkanID Generated Roles from the RBAC Analyzer to refine your IdP roles, such as Okta groups or Azure AD groups. This can help organizations keep their RBAC roles (which typically end up becoming stale) up to date at all times.
AI-driven Role Creation: The RBAC Analyzer automatically generates roles based on HR, IT, and usage data across all your enterprise applications.
Confidence Levels: The heuristics-driven confidence levels on employee → connection → role mapping help define and audit your RBAC posture.
Data-driven Approach: Advanced analytics provide the necessary telemetry to proactively detect and remediate both security and compliance issues.
Risk-based Remediation: Achieve least privilege while right-sizing your permissions without disrupting business activities.
The BalkanID Generated Roles tab represents the baseline access privileges that new employees are granted as part of their onboarding process, ensuring they have the necessary permissions to perform their duties from day one. BalkanID classifies the generated roles into four distinct categories:
Birthright: If everyone in the company has the same set of access privileges.
Department Birthright: If everyone in the department has the same set of access privileges.
Job Birthright: If everyone in the department with the same job title has the same set of access privileges.
Furthermore, administrators can drill down into an individual BalkanID generated role by clicking on it to obtain a detailed list of the identities, connections, resources and entitlements associated with that role. This leads to the BalkanID Generated Role Details Page, which provides a granular view that facilitates a deeper understanding of the access privileges granted by each role, i.e., the list of connections and identities.
The Role Usage tab provides a comprehensive mapping between departments, job titles, and the roles they have been assigned within BalkanID, along with their respective Role Confidence Scores. These roles are generated through an advanced algorithm that calculates the most relevant roles for each department and job title based on their access patterns and permissions.
Along with identifying BalkanID roles for RBAC, we calculate the significance of each role for a job title and department (the confidence score). This analysis aims to discern the importance of roles within job titles and departments, spotlighting those that are prevalent or considered "birthright." It also draws attention to specific roles within a job title and department that warrant closer monitoring to prevent potential security issues, to ensure productivity (address any decline in performance), or to clean up access after an employee's lateral or upward movement.
The confidence score is calculated based on 3 factors: department, job title and manager. High scores indicate strong alignment between the roles and the department, job title and manager. Lower scores highlight areas that may require further review.
Green means greater than or equal to 75% of employees with a job title and department have access to the role (high confidence).
Orange means greater than or equal to 50% and less than 75% of employees with a job title and department have access to the role (medium confidence).
Red means greater than or equal to 25% and less than 50% of employees with a job title and department have access to the role (low confidence).
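The sketch below is an added example, not BalkanID's algorithm or code: it computes the share of each job title and department that holds a role, applies the colour bands above, and checks the birthright scopes described earlier. The employee names, role names and helper functions are constructed for illustration, and the manager factor of the confidence score is not modelled.

```python
from collections import defaultdict

# Constructed sample data, not BalkanID output: (employee, department, job title).
EMPLOYEES = [
    ("ana", "Engineering", "SRE"), ("bo", "Engineering", "SRE"),
    ("cy", "Engineering", "SRE"), ("dee", "Engineering", "SRE"),
    ("eli", "Engineering", "Developer"), ("fay", "Engineering", "Developer"),
    ("gus", "Finance", "Analyst"), ("hal", "Finance", "Analyst"),
]
# Constructed role membership (hypothetical role names).
ROLE_MEMBERS = {
    "sso-basic": {"ana", "bo", "cy", "dee", "eli", "fay", "gus", "hal"},
    "eng-repo": {"ana", "bo", "cy", "dee", "eli", "fay"},
    "pager": {"ana", "bo", "cy", "dee"},
    "prod-admin": {"ana", "bo", "cy"},
    "billing-ro": {"gus", "bo"},
}

def band(share):
    """Map a coverage share (0..1) to the colour bands listed above."""
    if share >= 0.75:
        return "green"
    if share >= 0.50:
        return "orange"
    if share >= 0.25:
        return "red"
    return None  # the page defines no band below 25%

def group_by(employees, key):
    """Group employee names by key(department, job_title)."""
    groups = defaultdict(set)
    for emp, dept, title in employees:
        groups[key(dept, title)].add(emp)
    return groups

def role_usage(employees, role_members):
    """Coverage and band per (role, department, job title) with any holder."""
    rows = {}
    for role, members in role_members.items():
        for job, staff in group_by(employees, lambda d, t: (d, t)).items():
            if staff & members:
                share = len(staff & members) / len(staff)
                rows[(role, *job)] = (share, band(share))
    return rows

def birthright_scope(role, employees, role_members):
    """Widest scope in which every employee holds the role, else None."""
    scopes = [("Birthright", lambda d, t: "all"),
              ("Department Birthright", lambda d, t: d),
              ("Job Birthright", lambda d, t: (d, t))]
    for name, key in scopes:
        groups = group_by(employees, key).values()
        if any(staff <= role_members[role] for staff in groups):
            return name
    return None
```

In this sample, `billing-ro` lands in the red band for Engineering SREs because a single SRE holds a Finance role, which is the kind of row the lower bands are meant to surface for review.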
To improve confidence scores:
For roles with lower confidence scores, review the associated permissions and compare them with the actual needs of the department or job title.
Adjust role assignments as necessary to ensure that each role accurately reflects the permissions required for the specific functions of the department or job title.
Regularly update the roles and their associated permissions based on evolving organizational needs and feedback.