Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Role mining based on user attributes (CUSTOMERPROPERTY5)

maria
New Contributor
New Contributor

‎06/30/2022 07:24 AM

Hello everyone,

What is the best way to mine roles based on user attributes? In particular, I need to mine roles based on department values for my users. These values, in turn, come from HR system import.

I see that Saviynt allows to mine based on enterprise roles and entitlements, but not directly attributes. I could think of a solution where I need to, first, create roles for all  (lets say I have 10) and assign them (by rule, for example, based on coresponding attributes). Only then I will be able to mine selecting these 10 department roles. Does it make sense? Is it overkil? Can I use directly user attributes for role mining instead?

Regards,

Maria

Labels:
0 Kudos
8 REPLIES 8

jayasudha
Saviynt Employee
Saviynt Employee

‎07/01/2022 12:16 AM - edited ‎07/01/2022 12:30 AM

Hi Maria,

Role Mining could be done on user attributes as well. Navigate to Intelligence-->Role Mining-->By users..

When you don't have any roles assigned and need to start from scratch, you can go via this option. It will let you choose the users based on a particular attribute and analyze their entitlements to come up with a role.

I have attached the screenshot for your reference below.

jayasudha_0-1656659528015.png

After choosing "By users", if you go to "Advanced search" on your right side, A pop-up window appears where you can give the search criteria.

jayasudha_1-1656659665431.png

This does not require any role to be created.

Hope this helps. Let me know in case of further queries.

 

Regards,

Jayasudha R

 

0 Kudos

maria
New Contributor
New Contributor
In response to jayasudha

‎07/01/2022 02:47 AM

Hi Jayasudha,

Thank you for your input and engaging in the discussion 🙂

So, what you are saying is that I just need to exclude from role mining those users who do not department values.  In my test data I have three departments IT, IT services, Sales. Saviynt mines 2 roles. How shall I interprete these roles?

My goal is to be able to suggest what roles shall be given to IT department, what roles shall be given to Sales department, what to IT services, even when new Users come.

My thinking: I now should check Users tab for each role and see what departments these users have. By the way, out of 130 users (100 users for IT, 20 users for IT services, and 30 users for Sales) used as input for this role mining, only 70 can be found in the user tab for all mined roles (53 users for Role#1 and 27 users for Role#2). I can see that Role#1 includes users from IT and IT services, Role#2 includes users from Sales. Shall I then say that Role#1 shall be given to all people from IT and IT services, and Role#2 shall be given to all Sales?

In this way, I should recommend to give Role#1 to remaining 67 users from IT and IT service and to give Role#2 to remaining 3 users from Sales. Additionally, all new comers from IT and IT services shall get Role#1 and new comers from Sales shall get Role#2.

Does it make sense? Role mining is cool, but I am lack of experience in applying it.

0 Kudos

jayasudha
Saviynt Employee
Saviynt Employee
In response to maria

‎07/01/2022 04:02 AM - edited ‎07/01/2022 04:20 AM

Hi Maria,

If you want to assign roles based on "Department", then when selecting users, you can leverage "Department name" in advance search filter.

For example, If you give "IT" here it will list the users of only IT department, and analyze the entitlements of them and come up with a role only for IT department users. You can assign those roles to IT department users as per your use case.. In that way you don't need to analyze which role should be assigned to whom and so on..

jayasudha_1-1656670988767.png

 

There are more such filters available in role mining. Kindly follow the attached document to understand more on role mining. https://saviynt.freshdesk.com/support/solutions/articles/43000616357-working-with-role-mining 

Regards,

Jayasudha R

0 Kudos

maria
New Contributor
New Contributor

‎07/01/2022 04:36 AM - edited ‎07/01/2022 04:39 AM

The only thing that concerns me with this approach is that I dont really want to "come up" own my own, but I would like to rely Intelligence, i.e. algorithms implemented in the Role mining engine. I might adjust a bit the result or play with some configurations of the algorithm engine, of course. But I would like that the main work is done not by me staring at entitlements of users from each department on my own. Is this supported anyhow?

0 Kudos

jayasudha
Saviynt Employee
Saviynt Employee
In response to maria

‎07/01/2022 05:20 AM - edited ‎07/04/2022 10:30 PM

Hi Maria,

My assumption is that after choosing the "users" you don't want to select the "entitlement type" based on the department manually. In that case you can make use of "Add all" entitlements from the entitlement selection page. Then the algorithm will take all entitlement types into account and compare it with the entitlement types of the users you have chosen to come up with roles. 

jayasudha_0-1656677513413.png

 

If my above assumption is not right, could you please reiterate the steps that you are trying to do.

Regards,

Jayasudha R

0 Kudos

maria
New Contributor
New Contributor

‎07/04/2022 12:43 AM

Yep, I plan to select all entitlements or maybe exclude some particluar if the client asks.

Back to what I try to achive: I was asked to create suggestions of roles for users based on departments. And I am basically wondering how to approach this task using Saviynt Role mining module. As I understood your reccomendations, @jayasudha , I can take the roughtly the following approach (given that I have 3 departments IT, IT services, Sales):

1. Use "By user" tile of the role mining blade.

2. Include users that belong to IT department using the filtering advance function.

3. Include "all entitlements"

4. After execution of the mining process, Saviynt will reccomend a number of roles. These roles can be candidates to be reccomended for all users from the IT department.

5. Sanitize the initial result. Use your personal judgement to sieve for roles (among mined by Saviynt) that you really want to assign to all users from IT departments.

6. Activate roles that you decided to assign.

7. Repeat steps 1-6 for IT services

8. Repeat steps 1/6 for Sales.

Does Saviynt gives some supporting tools for step 5? Some parameters I can turn? I dont see it directly.

0 Kudos

jayasudha
Saviynt Employee
Saviynt Employee
In response to maria

‎07/04/2022 06:44 AM - edited ‎07/04/2022 07:02 AM

Hi Maria,

After saving the roles from "Role Mining", Navigate to Intelligence-->Role workbench--> Go to "By role mining instance" to work on the saved roles. Role workbench gives you more insights on the saved roles.

There are several tabs available in "Role workbench" to dig the role further. From here you can add or remove entitlements to the role chosen, insights on SOD violations, compare this role to the already existing roles in the system, or even export the roles for further analysis.

For example if you go to "Entitlement" tab, it will give you information on the entitlements that are part of that role, and the occurrence percentage of that entitlement among the users. If you click on the occurrence percentage, it will give you the list of users who are all using that entitlement and so on.

jayasudha_0-1656941422305.png

Please follow this document to know more on "Role workbench".   https://saviynt.freshdesk.com/en/support/solutions/articles/43000616339-managing-roles-using-workben...

Hope this helps.

Regards,

Jayasudha R

 

0 Kudos

maria
New Contributor
New Contributor

‎07/05/2022 12:46 AM

All right, thanks!

0 Kudos
Copyright © 2024 Khoros, LLC