Entitlement Roles
Imagine a world where your IAM platform not only understands the intricacies of your application data and how it works, but can also help you easily model role-based configuration for all applications within the role. Permission Assist Entitlement Roles understand the complexities of each application's permissions and help you define ideal access across all your applications. For example, you might create a Teller role to define which applications tellers should have and which permissions they should have within each of those applications. Permission Assist makes this process easier, by analyzing your existing application data and providing recommendations.
Why Set Up Entitlement Roles?
Entitlement Roles are commonly used to:
-
See a detailed analysis and gain visibility into your application security models
With Entitlement Roles, you can quickly and easily see a percentage of use for every permission within each application in the Entitlement Role. Quickly see which permissions are most used, which permissions are the exception (where maybe only one or two people are assigned to a permission), and which permissions aren't used at all. You can also see who is and who isn't assigned to each permission.
-
Model ideal access
Within the Modeling tab, you can easily model ideal access without having to figure out which specific permissions belong to a group or what other permissions are affected when allowing access to a particular enlistment.
-
Create a pre-approved set of permissions for reviews
When Entitlement Roles are properly created, approved, and enabled, they can act as a pre-approval for user permissions. During a review, reviewers can have confidence in their decisions to approve or flag permissions by comparing a user's current permissions with the permissions they are allowed based on their enrolled Entitlement Roles.
-
Create a pre-approved set of permissions
If you use the Operations module, Permission Assist uses Entitlement Roles for personnel events such as onboarding, offboarding, role transitions, and leaves of absence. For example, if one of your loan officers is getting promoted to Loan Manager, Permission Assist knows which permissions the loan officer currently has and which permissions need to be added, changed or removed as they transition to their new position. It can also help you manage a period of time where they may need access to both sets of permissions.
If you don't use the Operations module, you can export Entitlement Role permissions to help your team with personnel events.
To view the Entitlement Roles list, go the Manage menu on the main screen and select Entitlement Roles.
Column Button 
The column button displayed in the top right corner of the page allows you to add or remove columns from the Entitlement Roles list. To change which columns are displayed, select the column button and then pick any of the following options.
| Option | Description |
|---|---|
| Name | This option displays the Name column, which shows the name of the Entitlement Role as defined on the Settings tab within the Entitlement Role. It is selected by default and cannot be removed. |
| Description | Select this option to display the Description column, which provides a longer description for the Entitlement Role as defined on the Settings tab within the Entitlement Role. |
| Owner | Select this option to display the Owner column, which shows the owner assigned to the Entitlement Role (defined on the Settings tab within the Entitlement Role). |
| Count | Select this option to display the Count column, which shows the number of people enrolled in the Entitlement Role, including disabled Identities. |
| Status |
Select this option to display the Status column, which indicates whether the Entitlement Role is enabled or disabled. An enabled Entitlement Role can be used within reviews and can also be used for onboarding, role transitions, and leaves of absence. |