Entitlements describe a capability that can be enabled or disabled for a given identity on a given application or system. Entitlements are usually granted to identities based on a business process. For example, each full-time employee may be given an email account if a manager approves. In this example, if the employee has full-time status, an e-mail notification would be sent to the manager for approval. Once the manager approval is received, an email account may be created for the employee.
In a typical provisioning application, entitlements are applied inline with the business process. If entitlements are applied directly to an application, it would require the executor of the business process to have permissions to the application in which the entitlement is being applied to. In addition, it may be costly to enable the entitlements on the application depending on factors such as network traffic and system load. Different business processes may also be applying the same entitlement. In this case, the system may end up with redundant calls to the application. Furthermore, the system may apply the entitlement onto the application in an inconsistent manner.