摘要 |
An entitlement management system is described herein that models each entitlement as a resource within a resource management system. In a resource management system that applies policy to all requests to create, update, and delete a resource, this approach allows rich application of policy to the creation, delegation, renewal, expiration, and deletion of entitlements. A resource management system that can synchronize data to connected systems can thereby grant or revoke these permissions in those systems. This approach also facilitates role mining, attestation, and compliance reporting. Entitlements stored as resources may also include properties, such as workflows and policies related to the entitlements. Thus, the entitlement management system provides a more formal and automated facility for managing entitlements in organizations.
|