A call for feedback: Automatic Roles Engineering for Active Directory
We have developed a unique technology that enables reverse engineering of
the existing access rights and data stored in Active Directory into Logical
definitions of Business Roles (senior clerk, accounting manager, sales
The resulting Business Roles will be deployed as special user-groups in
The technology will be useful also for modeling and even auditing of the
privileges from time to time.
The assumed benefits:
* Such Roles reduces significantly the time and effort of administrators.
Any insert change or delete in users' privileges.
will be done through the use of reusable and meaningful Roles rather than
using many privileges (this method is commonly called as Role-based Access
Control - RBAC).
* RBAC results in more secure systems - people are not left with redundant
How will that work:
Our plans are to use a very simple by using the native data export utility
The extracted data will than be processed in off line till full delivery of
Once Roles Candidates are approved/or refined they are imported back to AD.
Auditing capabilities may be used for periodical compliance checks.
The system will work on any NT machine, and will be able to process
literally endless amount
of users and privileges (First solution will be limited to 1000 users).
The feedback requested:
Q: does that solution has any value for the organization?
Q: are any of you interested in contributing ideas or participate in the
testing of this concept?
Contributors and those that will participate in the test program, will be
entitled for perpetual use of the software.