Users to Roles Mapping

The Users to Roles Mapping view within the RBAC Analyzer shows the system-generated roles assigned to each individual employee, so that organizations can identify potential anomalies or risks in their access control landscape.

This view presents a table listing all employees, along with the system-generated roles assigned to each individual. By analyzing this information, organizations can quickly pinpoint employees who have been assigned an unusually high number of roles compared to their peers or colleagues in similar positions.

The users table in the RBAC Analyzer includes the following sets of columns:

  • Identity Details: Displays the handle, identity name, email, and the employee's name.

  • System-Generated Roles: Dedicated columns for each system-generated role, with a tick (✓) indicating that the role is assigned to the respective employee.

This tabular view gives organizations an understanding of the access control landscape and helps them identify potential risks or anomalies. For instance, suppose an employee holding the position of CEO has the highest number of roles, and an employee in an engineering role also has the highest number of roles. Given their respective positions within the company, one of them does not align with expectations. This misalignment raises questions about the appropriateness of their role assignments and may warrant further examination.
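The peer comparison described above can be sketched as code. This is an added example, not part of the RBAC Analyzer or BalkanID's own code. It assumes the table's contents are available as CSV text and that a `title` column (not one of the columns listed above) has been joined in from HR data. The sample rows, role names, and the 2x-median threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample: identity columns, an assumed "title" column, then one
# column per system-generated role with a tick when the role is assigned.
SAMPLE = """handle,email,title,Role 1,Role 2,Role 3,Role 4,Role 5
ceo1,ceo1@example.com,CEO,✓,✓,✓,✓,✓
eng1,eng1@example.com,Engineer,✓,✓,✓,✓,✓
eng2,eng2@example.com,Engineer,✓,✓,,,
eng3,eng3@example.com,Engineer,✓,,,,
eng4,eng4@example.com,Engineer,✓,✓,,,
fin1,fin1@example.com,Finance,,,✓,✓,
fin2,fin2@example.com,Finance,,,✓,,
"""

IDENTITY_COLUMNS = {"handle", "email", "title"}
TICK = "✓"

def role_counts(csv_text):
    """Return {handle: (title, number_of_ticked_role_columns)}."""
    counts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        n = sum(1 for col, val in row.items()
                if col not in IDENTITY_COLUMNS and (val or "").strip() == TICK)
        counts[row["handle"]] = (row["title"], n)
    return counts

def flag_outliers(counts, ratio=2.0, min_peers=2):
    """Flag users holding more than ratio x the median role count of same-title peers."""
    by_title = defaultdict(list)
    for handle, (title, n) in counts.items():
        by_title[title].append((handle, n))
    flagged = []
    for title, members in by_title.items():
        for handle, n in members:
            peers = [c for h, c in members if h != handle]
            if len(peers) < min_peers:
                continue  # too few peers for a meaningful comparison
            peer_median = median(peers)
            if n > ratio * max(peer_median, 1):
                flagged.append((handle, title, n, peer_median))
    return sorted(flagged, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for handle, title, n, peer_median in flag_outliers(role_counts(SAMPLE)):
        print(f"{handle} ({title}): {n} roles, peer median {peer_median}")
```

In this sample the CEO and one engineer both hold five roles, but only the engineer is flagged, because the other engineers hold one or two. Users with fewer than two same-title peers are skipped rather than cleared, so they still need manual review.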

The User View table also offers filtering capabilities, enabling administrators to explore and find specific sets of users assigned to particular system-generated roles.

Furthermore, by clicking on the tick (✓) icon corresponding to a specific system-generated role, the User View navigates to the BalkanID Generated Role Details → Connections Page. This page provides a filtered view, displaying a list of connections that the user has access to through the assigned system-generated role.

By using the Users to Roles Mapping view, organizations can proactively identify and address anomalies in role assignments, ensuring that access privileges are appropriately aligned with employees' roles and responsibilities.
