
Conventions for org

The IaM Security paradox

  • Most companies define the HR system as the IaM master source.
  • Most companies outsource the HR system and many HR functions.
  • The IaM master is outside the company's control...

Some reflections

  • HR system is master for users, roles per user/group.
  • Delegate assignment of roles to users to the HR manager of each department/group.
  • They use contract/relation as the filter/grouping, not "employee", e.g. part-time employees (temps), partners, contractors, etc.
    • Many, many user repositories.
    • Cannot enforce roles across applications. Doesn't scale. Need to accept that each application has its own set of roles.
  • The meaning of roles is defined in each application.