Identity Governance and Role-Based Access Control

Role-Based Access Control (RBAC) is a model for assigning system access to people based on their roles in an organization. In the Identity Governance (IG) tool used at U-M, a Business Role defines the specific access that is needed for a group of people who share common job responsibilities.

Selection criteria within an IG Business Role identify users who match specific identity attributes in the organization, such as a set of similar job titles and department IDs. Then, the IG tool can automatically assign the collection of access to each person who fits the selection criteria. The access may be to multiple systems depending on which systems are integrated with the IG tool.

Because identity attributes are used to automatically assign access across various systems, the manual work of requesting, approving, and granting access may be needed only for exceptions to the framework established with IG. This also ensures that:

  • People receive access quickly, unless the access is an exception to the normal rules defined by an IG Business Role.
  • System security is improved when access is promptly removed from people who no longer match the selection criteria of an IG Business Role.
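
The matching and removal behaviour described above, as an added sketch (not U-M's or the IG tool's own code). Role names, attribute names, entitlement strings, and the idea of passing approved exceptions as a set are all hypothetical; it assumes any access that is neither role-derived nor an approved exception should be removed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessRole:
    name: str
    job_titles: frozenset    # selection criteria: a set of similar job titles
    dept_ids: frozenset      # selection criteria: department IDs
    entitlements: frozenset  # access granted, possibly across several systems

    def matches(self, identity: dict) -> bool:
        # A missing attribute never matches, so incomplete records get no access.
        return (identity.get("job_title") in self.job_titles
                and identity.get("dept_id") in self.dept_ids)


def reconcile(identity, roles, current, exceptions=frozenset()):
    """Return (grant, revoke) so access equals role-derived access plus exceptions."""
    expected = set(exceptions)  # manually approved access outside the role rules
    for role in roles:
        if role.matches(identity):
            expected |= role.entitlements
    current = set(current)
    return expected - current, current - expected


# Constructed sample roles (hypothetical names and entitlement strings).
ROLES = [
    BusinessRole("Payroll Analyst",
                 frozenset({"Payroll Analyst", "Payroll Analyst Sr"}),
                 frozenset({"D100"}),
                 frozenset({"hr:payroll-read", "fin:ledger-read"})),
    BusinessRole("Help Desk", frozenset({"Help Desk Tech"}),
                 frozenset({"D200"}), frozenset({"itsm:ticket-edit"})),
]


def demo():
    # New hire: matches Payroll Analyst and holds nothing yet.
    hire = {"uid": "alice", "job_title": "Payroll Analyst", "dept_id": "D100"}
    on_hire = reconcile(hire, ROLES, current=set())
    # Transfer: same person now matches Help Desk and keeps one approved exception.
    moved = {"uid": "alice", "job_title": "Help Desk Tech", "dept_id": "D200"}
    held = {"hr:payroll-read", "fin:ledger-read", "vpn:admin-net"}
    on_move = reconcile(moved, ROLES, held, exceptions={"vpn:admin-net"})
    return on_hire, on_move


if __name__ == "__main__":
    print(demo())
```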