SlideShare uma empresa Scribd logo

ORG Access Management: Technical Details

FSP GmbH
FSP GmbH
Tecnologia
1 de 27
Baixar para ler offline
30.10.2013 FSP GmbH | Product Presentation
Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 2
Company Overview Founded in 2002 Headquarters: Cologne Represented throughout Germany 40 employees 30.10.2013 ORG Product Presentation 3
Company Overview: Software & Consulting Software Business Consulting • Access Governance Concepts • Process Optimization • Project- / Test Management IT Consulting & Development • Software Development • IT Security • IT-Project- / Test Management 30.10.2013 ORG Product Presentation 4
Company Overview: Customers 30.10.2013 ORG Product Presentation 5
Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 6
Access Management: Conventional method RACF Group SAP HR SAP-Role Indiv. Applications Groups / Individual Rights P&C Administration Individual Rights Partner System Individual Rights Notes/Outlook Group LDAP e.g. Group Membership Databases Employee Several System-Administrators Indiv. / Role Individual Systems often use Individual Rights New Entry, Fluctuation, Departmental Change 30.10.2013 ORG Product Presentation 7
Solution: ORG Central administration of user rights Interfaces: SPML-Systems: - Novell Identity Manager - IBM Tivoli Directory Integrator - openSPML Directory Systems ‐ ‐ ‐ - Employee New Entry Fluctuation Departmental Change Central, lean Administration User Rights based on: - Roles/Rights model - Attributes Other systems ‐ SAP R3 ‐ RACF ‐ INTERFLEX APIs - External Known customer Prospect … Microsoft AD IBM Tivoli Directory Server openLDAP Novell eDirectory SUN one Directory Server … Java (SE & EE) Windows / Unix (C) z/OS (Cobol, PL/1, C) automated provisioning 30.10.2013 ORG Product Presentation 8
ORG Architecture: Basis for USPs 30.10.2013 ORG Product Presentation 9
Model: Entities OrganizationalUnit Position User Organizational Structure Client Location Role Role group Competence scheme Role model Permissions Competence Role conflict 30.10.2013 ORG Product Presentation 10
Model: Historicizing, life cycle Time Status: future Create Status: current Edit or delete No physical deletion: The database entry is marked as „deleted“ Status: historicized Expired or deleted Historicizing of all changes of an object or a relation between objects including the initiator and the time 30.10.2013 ORG Product Presentation 11
SPML Webservice: Architecture Interface to approval workflow: • ORG Approve • Lotus Notes • SharePoint • etc. • Interface to higher-level systems: • HR-Systems (z.B. SAP HR, …) • IDM-Systems (z.B. IBM TIM, Novell IDM, …) • etc. 30.10.2013 ORG Product Presentation 12
Approval Workflow (with ORG Approve) • Self Service • Appliable permission requests depend on the owners role (e.g. a normal employee is not permitted to request an executive‘s role) • 4-eyes principle supported (parallel and sequentially) • MaRisk AT 7.2 conform 30.10.2013 ORG Product Presentation 13
Standard: RBAC 30.10.2013 ORG Product Presentation 14
Model: Standard software Modeling • User and Role are always available. • Position, Role group and Organization Unit are optional. External system User Organization - unit Typical use Position • Storage systems with their own detailled permissions. • E. g. the system has to enable roles or groups to carry authorizations. Role group Role Examples • LDAP-Directory (z.B. Active Directory) • SAP • RACF 30.10.2013 User Role or group Indiv. rights ORG Product Presentation 15
ORG Connector: Architecture 30.10.2013 ORG Product Presentation 16
ORG Connector: Attribute mapping Attribute mappings are free configurable Source in ORG can be: Attribute of the user Values of a users competence to a random Competence Scheme Composite values via formation rule 30.10.2013 ORG Product Presentation 17
USP: Fine Grained Attribute based, more than role based 30.10.2013 ORG Product Presentation 18
Model: Homegrown software Modeling User • Users and competency scheme are always available • Position, role group, role and OU are optional. • Competencies can be defined for users, roles or positions. Typical use • House developments • Systems in which an exit is provided for the procurement of allowances. 30.10.2013 Position Organization - unit Role group Role Competence Competence scheme ORG Product Presentation 19
ORG APIs: Access to runtime db 30.10.2013 ORG Product Presentation 20
Process logic: Runtime DB access Application life Functional Authorization capsule ORG API Verify the payout isPayoutPermitted(userid,value) hasCompetence(userid,“PayoutContract“,“Life“,value ) Database-consultation Result (Yes or No) Result (Yes or No) • • The Process-logic is basically at all APIs the same. It makes sense to summarize all functional authorizations of a application to one specific Functional Authorization capsule. 30.10.2013 ORG Product Presentation 21
Interfaces SPML systems: • Novell Identity Manager • IBM Tivoli Directory Integrator • openSPML Other connectors available for: Directory systems: • SAP R3 • Microsoft Active Directory • RACF • IBM Tivoli Directory Server • SharePoint • openLDAP • INTERFLEX • Novell eDirectory • SUN one Directory Server APIs available for the following platforms: • ApacheDS • Java (SE & EE) • RACF LDAP-Server • Windows / Unix (C) • other systems • z/OS (Cobol, PL/1, C) 30.10.2013 ORG Product Presentation 22
Summary • Single Point of Administration and Control • Reduction of Time, Cost and Complexity • History management / Revision proof • Supports RBAC / ABAC • Integration in company-wide environments is proven • Integration of organizational structure information • Distributed and delegated administration (configurable) • Multi-client capable • High performance & fail save • Corporate Design applicable 30.10.2013 ORG Product Presentation 23
Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 24
Access Governance Suite 30.10.2013 ORG Product Presentation 25
Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 26
Live Demo FSP GmbH Consulting & IT-Services Albin-Köbis Straße 8 D-51147 Cologne Tel.: +49 (0) 2203 / 371 000 – 0 www.fsp-org.com 30.10.2013 ORG Product Presentation 27

Recomendados

Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San Francisco
ForgeRock
 
Social networks
Social networksSocial networks
Social networks
evictionotice
 
The Austrian Economic Model
The Austrian Economic ModelThe Austrian Economic Model
The Austrian Economic Model
mrkaeagles
 
Presentatio
PresentatioPresentatio
Presentatio
Adan Davila Cruz
 
Project
ProjectProject
Project
mrkaeagles
 
Wp 2013 training
Wp 2013 trainingWp 2013 training
Wp 2013 training
freshmarketing
 
Active and Passive Voice
Active and Passive VoiceActive and Passive Voice
Active and Passive Voice
mrkaeagles
 
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
George Grammatikos
 

Recomendados

Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San Francisco
ForgeRock
 
Social networks
Social networksSocial networks
Social networks
evictionotice
 
The Austrian Economic Model
The Austrian Economic ModelThe Austrian Economic Model
The Austrian Economic Model
mrkaeagles
 
Presentatio
PresentatioPresentatio
Presentatio
Adan Davila Cruz
 
Project
ProjectProject
Project
mrkaeagles
 
Wp 2013 training
Wp 2013 trainingWp 2013 training
Wp 2013 training
freshmarketing
 
Active and Passive Voice
Active and Passive VoiceActive and Passive Voice
Active and Passive Voice
mrkaeagles
 
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
IT PRO | Connections 2020 : Introduction to Logic Apps and automation solutio...
George Grammatikos
 
Community vs. Commercial Open Source
Community vs. Commercial Open SourceCommunity vs. Commercial Open Source
Community vs. Commercial Open Source
Justin Reock
 
Emerging standards and support organizations within engineering simulation
Emerging standards and support organizations within engineering simulation Emerging standards and support organizations within engineering simulation
Emerging standards and support organizations within engineering simulation
Modelon
 
Software variability management - 2017
Software variability management - 2017Software variability management - 2017
Software variability management - 2017
XavierDevroey
 
The Real Scoop on Migrating from Oracle Databases
The Real Scoop on Migrating from Oracle DatabasesThe Real Scoop on Migrating from Oracle Databases
The Real Scoop on Migrating from Oracle Databases
EDB
 
Introduction to basics of drupal
Introduction to basics of drupalIntroduction to basics of drupal
Introduction to basics of drupal
lrtraining05
 
Reducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off OracleReducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off Oracle
EDB
 
Software Product Lines by Dr. Indika Kumara
Software Product Lines by Dr. Indika KumaraSoftware Product Lines by Dr. Indika Kumara
Software Product Lines by Dr. Indika Kumara
Thejan Wijesinghe
 
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
Marco Gralike
 
SpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free PlatformSpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free Platform
davide.zerbetto
 
The Race To 50 Million Page Views
The Race To 50 Million Page ViewsThe Race To 50 Million Page Views
The Race To 50 Million Page Views
LogicworksNY
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel Lucent
AgileSparks
 
Analyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentationAnalyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentation
AnalytixDataServices
 
Oslc case study (poc results) v1.1
Oslc case study (poc results) v1.1Oslc case study (poc results) v1.1
Oslc case study (poc results) v1.1
Joseph Lopez, M.ISM
 
DS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham ChartersDS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham Charters
mfrancis
 
SYSTEMS PRESENTATION to help you in design
SYSTEMS PRESENTATION to help you in designSYSTEMS PRESENTATION to help you in design
SYSTEMS PRESENTATION to help you in design
rhesusfactor848
 
Service Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksService Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service Works
Kenneth Peeples
 
Winning performance challenges in oracle standard editions
Winning performance challenges in oracle standard editionsWinning performance challenges in oracle standard editions
Winning performance challenges in oracle standard editions
Pini Dibask
 
F17_Unified Governance for Power Automate, Power Apps, Power BI
F17_Unified Governance for Power Automate, Power Apps, Power BIF17_Unified Governance for Power Automate, Power Apps, Power BI
F17_Unified Governance for Power Automate, Power Apps, Power BI
serge luca
 
Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager
OracleIDM
 
Streamline it management
Streamline it managementStreamline it management
Streamline it management
DLT Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Mais conteúdo relacionado

Semelhante a ORG Access Management: Technical Details

Introduction to basics of drupal
Introduction to basics of drupalIntroduction to basics of drupal
Introduction to basics of drupal
lrtraining05
 
Reducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off OracleReducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off Oracle
EDB
 
SpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free PlatformSpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free Platform
davide.zerbetto
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel Lucent
AgileSparks
 
Analyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentationAnalyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentation
AnalytixDataServices
 
DS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham ChartersDS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham Charters
mfrancis
 
Service Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksService Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service Works
Kenneth Peeples
 

Semelhante a ORG Access Management: Technical Details (20)

Community vs. Commercial Open Source
Community vs. Commercial Open SourceCommunity vs. Commercial Open Source
Community vs. Commercial Open Source
 
Emerging standards and support organizations within engineering simulation
Emerging standards and support organizations within engineering simulation Emerging standards and support organizations within engineering simulation
Emerging standards and support organizations within engineering simulation
 
Software variability management - 2017
Software variability management - 2017Software variability management - 2017
Software variability management - 2017
 
The Real Scoop on Migrating from Oracle Databases
The Real Scoop on Migrating from Oracle DatabasesThe Real Scoop on Migrating from Oracle Databases
The Real Scoop on Migrating from Oracle Databases
 
Introduction to basics of drupal
Introduction to basics of drupalIntroduction to basics of drupal
Introduction to basics of drupal
 
Reducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off OracleReducing the Risks of Migrating Off Oracle
Reducing the Risks of Migrating Off Oracle
 
Software Product Lines by Dr. Indika Kumara
Software Product Lines by Dr. Indika KumaraSoftware Product Lines by Dr. Indika Kumara
Software Product Lines by Dr. Indika Kumara
 
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3
 
SpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free PlatformSpagoBI - the Business Intelligence Free Platform
SpagoBI - the Business Intelligence Free Platform
 
The Race To 50 Million Page Views
The Race To 50 Million Page ViewsThe Race To 50 Million Page Views
The Race To 50 Million Page Views
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel Lucent
 
Analyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentationAnalyti x mapping manager product overview presentation
Analyti x mapping manager product overview presentation
 
Oslc case study (poc results) v1.1
Oslc case study (poc results) v1.1Oslc case study (poc results) v1.1
Oslc case study (poc results) v1.1
 
DS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham ChartersDS, BP, EJB, CDI, WTF!? - Graham Charters
DS, BP, EJB, CDI, WTF!? - Graham Charters
 
SYSTEMS PRESENTATION to help you in design
SYSTEMS PRESENTATION to help you in designSYSTEMS PRESENTATION to help you in design
SYSTEMS PRESENTATION to help you in design
 
Service Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksService Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service Works
 
Winning performance challenges in oracle standard editions
Winning performance challenges in oracle standard editionsWinning performance challenges in oracle standard editions
Winning performance challenges in oracle standard editions
 
F17_Unified Governance for Power Automate, Power Apps, Power BI
F17_Unified Governance for Power Automate, Power Apps, Power BIF17_Unified Governance for Power Automate, Power Apps, Power BI
F17_Unified Governance for Power Automate, Power Apps, Power BI
 
Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager
 
Streamline it management
Streamline it managementStreamline it management
Streamline it management
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

ORG Access Management: Technical Details

  • 1. 30.10.2013 FSP GmbH | Product Presentation
  • 2. Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 2
  • 3. Company Overview Founded in 2002 Headquarters: Cologne Represented throughout Germany 40 employees 30.10.2013 ORG Product Presentation 3
  • 4. Company Overview: Software & Consulting Software Business Consulting • Access Governance Concepts • Process Optimization • Project- / Test Management IT Consulting & Development • Software Development • IT Security • IT-Project- / Test Management 30.10.2013 ORG Product Presentation 4
  • 6. Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 6
  • 7. Access Management: Conventional method RACF Group SAP HR SAP-Role Indiv. Applications Groups / Individual Rights P&C Administration Individual Rights Partner System Individual Rights Notes/Outlook Group LDAP e.g. Group Membership Databases Employee Several System-Administrators Indiv. / Role Individual Systems often use Individual Rights New Entry, Fluctuation, Departmental Change 30.10.2013 ORG Product Presentation 7
  • 8. Solution: ORG Central administration of user rights Interfaces: SPML-Systems: - Novell Identity Manager - IBM Tivoli Directory Integrator - openSPML Directory Systems ‐ ‐ ‐ - Employee New Entry Fluctuation Departmental Change Central, lean Administration User Rights based on: - Roles/Rights model - Attributes Other systems ‐ SAP R3 ‐ RACF ‐ INTERFLEX APIs - External Known customer Prospect … Microsoft AD IBM Tivoli Directory Server openLDAP Novell eDirectory SUN one Directory Server … Java (SE & EE) Windows / Unix (C) z/OS (Cobol, PL/1, C) automated provisioning 30.10.2013 ORG Product Presentation 8
  • 9. ORG Architecture: Basis for USPs 30.10.2013 ORG Product Presentation 9
  • 10. Model: Entities OrganizationalUnit Position User Organizational Structure Client Location Role Role group Competence scheme Role model Permissions Competence Role conflict 30.10.2013 ORG Product Presentation 10
  • 11. Model: Historicizing, life cycle Time Status: future Create Status: current Edit or delete No physical deletion: The database entry is marked as „deleted“ Status: historicized Expired or deleted Historicizing of all changes of an object or a relation between objects including the initiator and the time 30.10.2013 ORG Product Presentation 11
  • 12. SPML Webservice: Architecture Interface to approval workflow: • ORG Approve • Lotus Notes • SharePoint • etc. • Interface to higher-level systems: • HR-Systems (z.B. SAP HR, …) • IDM-Systems (z.B. IBM TIM, Novell IDM, …) • etc. 30.10.2013 ORG Product Presentation 12
  • 13. Approval Workflow (with ORG Approve) • Self Service • Appliable permission requests depend on the owners role (e.g. a normal employee is not permitted to request an executive‘s role) • 4-eyes principle supported (parallel and sequentially) • MaRisk AT 7.2 conform 30.10.2013 ORG Product Presentation 13
  • 15. Model: Standard software Modeling • User and Role are always available. • Position, Role group and Organization Unit are optional. External system User Organization - unit Typical use Position • Storage systems with their own detailled permissions. • E. g. the system has to enable roles or groups to carry authorizations. Role group Role Examples • LDAP-Directory (z.B. Active Directory) • SAP • RACF 30.10.2013 User Role or group Indiv. rights ORG Product Presentation 15
  • 17. ORG Connector: Attribute mapping Attribute mappings are free configurable Source in ORG can be: Attribute of the user Values of a users competence to a random Competence Scheme Composite values via formation rule 30.10.2013 ORG Product Presentation 17
  • 18. USP: Fine Grained Attribute based, more than role based 30.10.2013 ORG Product Presentation 18
  • 19. Model: Homegrown software Modeling User • Users and competency scheme are always available • Position, role group, role and OU are optional. • Competencies can be defined for users, roles or positions. Typical use • House developments • Systems in which an exit is provided for the procurement of allowances. 30.10.2013 Position Organization - unit Role group Role Competence Competence scheme ORG Product Presentation 19
  • 20. ORG APIs: Access to runtime db 30.10.2013 ORG Product Presentation 20
  • 21. Process logic: Runtime DB access Application life Functional Authorization capsule ORG API Verify the payout isPayoutPermitted(userid,value) hasCompetence(userid,“PayoutContract“,“Life“,value ) Database-consultation Result (Yes or No) Result (Yes or No) • • The Process-logic is basically at all APIs the same. It makes sense to summarize all functional authorizations of a application to one specific Functional Authorization capsule. 30.10.2013 ORG Product Presentation 21
  • 22. Interfaces SPML systems: • Novell Identity Manager • IBM Tivoli Directory Integrator • openSPML Other connectors available for: Directory systems: • SAP R3 • Microsoft Active Directory • RACF • IBM Tivoli Directory Server • SharePoint • openLDAP • INTERFLEX • Novell eDirectory • SUN one Directory Server APIs available for the following platforms: • ApacheDS • Java (SE & EE) • RACF LDAP-Server • Windows / Unix (C) • other systems • z/OS (Cobol, PL/1, C) 30.10.2013 ORG Product Presentation 22
  • 23. Summary • Single Point of Administration and Control • Reduction of Time, Cost and Complexity • History management / Revision proof • Supports RBAC / ABAC • Integration in company-wide environments is proven • Integration of organizational structure information • Distributed and delegated administration (configurable) • Multi-client capable • High performance & fail save • Corporate Design applicable 30.10.2013 ORG Product Presentation 23
  • 24. Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 24
  • 25. Access Governance Suite 30.10.2013 ORG Product Presentation 25
  • 26. Agenda Company Overview Product Presentation Access Governance Suite Live Demo Discussion 30.10.2013 ORG Product Presentation 26
  • 27. Live Demo FSP GmbH Consulting & IT-Services Albin-Köbis Straße 8 D-51147 Cologne Tel.: +49 (0) 2203 / 371 000 – 0 www.fsp-org.com 30.10.2013 ORG Product Presentation 27