摘要 |
A method of is provided for granting correct access to computer system resources. Correct access is based on a description of business processes, roles, and the assignment of roles to business processes. Such a definition is stored in an enterprise model. To compute the correct security profiles, the model is analyzed to identify security profiles that meet role and business process assignments for each user of the computer system. An iteration is done through possible security profiles to identify potential best matches of profiles that provides access to the resources required to implement the business process by one or more users. A subset of the security profiles is created on the associated business processes response based on the lowest risk assessments.
|