Some embodiments of the present disclosure are directed to an improved approach for managing permissions based on de-facto job performance roles vis-à-vis their respective permission clusters.
Many medium-to-large companies use human resource management systems as a component of their enterprise-wide uses of enterprise software applications. Historically, an employee would take on a particular title (e.g., manager, supervisor, etc.) within a particular department or other organizational structure (e.g., accounts payable, purchasing, etc.). An employee who takes on a particular title or job assumes one or more duties (e.g., enter invoices, approve a purchase order, etc.). In an enterprise setting that makes use of enterprise software applications, organizational rules and checks-and-balances are enforced by authorizing a particular employee to perform some particular activities or operations using the enterprise software.
Legacy techniques granted such authorizations (e.g., authorization to approve a payment, authorization to approve a purchase order) to an employee based solely on the employee's job or title as a proxy for individual privileges or permissions. However, the adoption of enterprise software has greatly enhanced the productivity of any single employee, and accordingly a given single employee is expected to perform within an ever-increasing span of responsibility and control. Moreover, many enterprises have instituted aspects of matrix management where a given single employee is expected to take on responsibilities that cross traditional organizational boundaries. Further, most medium-to-large companies institute training for new employees, and many also implement organizational resilience by assigning a secondary or backup person to fill in when the primary person is unable to perform. The secondary personnel must be able to (at least temporarily) take on the responsibilities of the primary, and accordingly must be granted the applicable authorizations.
Moreover, the number of unique authorizations and the number of unique permissions needed to perform operations using enterprise software is exploding. Legacy techniques for assigning permissions to an employee have become unwieldy.
The effect of the abovementioned trends in organizational structures, together with the rapid adoption of enterprise software applications, exacerbates the limitations of legacy techniques. New approaches are needed.
Moreover, the aforementioned technologies do not employ any techniques for role discovery or privilege cluster number minimization, or privilege cluster coverage maximization, or ranking of privilege clusters. Therefore, there is a need for an improved approach.