Identity Access Governance
Janssen is not a governance platform, so it does not do any of the following:
Role Management
Role Based Access Control (RBAC) is a strategy used by many organizations to authorize access to resources. However, RBAC has a dark side: if a new role is minted for every unique access requirement, the number of roles grows without bound. In fact, some organizations have more roles than people! This is known as "role explosion." Role Management is an enterprise workforce governance practice that correlates roles across all applications and consolidates them into the smallest workable set of "enterprise roles".
Access Certification
Role request and approval processes tend to result in a person accumulating roles over time, and the removal of roles that are no longer needed is often overlooked. This is why organizations should regularly run access certification campaigns (also called "recertification" or "attestation"). For example, once per year, managers may be required to confirm that each role assigned to their subordinates is still needed.
Removal of a non-sensitive role that is no longer needed is not urgent and can wait for the next campaign; a privileged role, by contrast, should be revoked as soon as the need for it ends. Certain situations also call for faster action, for example when an employee moves to a different organizational unit with a different manager. The new manager assumes responsibility for the employee's roles and should run an ad-hoc recertification for that specific user rather than waiting for the annual cycle.
Segregation of Duties
Sometimes an organization must prevent a person from holding two roles simultaneously. For example, an accounting control may require that a person cannot both sign and approve checks, or that a person cannot perform both financial advisory and equity trading. A governance platform lets organizations define such Segregation of Duties (SoD) rules and enforce them in two ways: at the moment a role is requested, so that the conflict of interest never arises, and by scanning existing assignments, so that conflicts created before the rule existed are caught.
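The two enforcement points above, shown as an added Python example that is not part of Janssen or of a governance product: a preventive check that rejects a role grant which would create a toxic combination, and a detective scan over existing assignments that reports conflicts already present. The rule set, the role names (check_signer, check_approver, financial_advisor, equity_trader) and the sample assignments are all constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class SodRule:
    """A pair of roles that must never be held by the same person."""

    role_a: str
    role_b: str
    reason: str  # justification shown to the requester and to auditors

    def conflicts(self, roles: set[str]) -> bool:
        return self.role_a in roles and self.role_b in roles


# Constructed rule set; role names are hypothetical, taken from the examples in the text.
SOD_RULES: tuple[SodRule, ...] = (
    SodRule("check_signer", "check_approver", "a person may not both sign and approve checks"),
    SodRule("financial_advisor", "equity_trader", "advisory and trading must be separated"),
)


def assignment_conflicts(current_roles: set[str], new_role: str, rules=SOD_RULES) -> list[SodRule]:
    """Preventive control: return the rules that granting new_role would violate.

    Only rules that involve new_role are reported, so a pre-existing conflict in
    the user's roles is not blamed on an unrelated grant (it is left for the audit).
    """
    proposed = set(current_roles) | {new_role}
    return [r for r in rules if new_role in (r.role_a, r.role_b) and r.conflicts(proposed)]


def grant_role(assignments: dict[str, set[str]], user: str, new_role: str, rules=SOD_RULES) -> None:
    """Add new_role to the user's roles, refusing the grant if it creates an SoD conflict."""
    violated = assignment_conflicts(assignments.get(user, set()), new_role, rules)
    if violated:
        reasons = "; ".join(r.reason for r in violated)
        raise PermissionError(f"SoD violation granting {new_role!r} to {user!r}: {reasons}")
    assignments.setdefault(user, set()).add(new_role)


def audit_assignments(assignments: dict[str, set[str]], rules=SOD_RULES) -> list[tuple[str, str, str]]:
    """Detective control: list every (user, role_a, role_b) pair that violates a rule.

    Run this over the full assignment store, for example as input to a
    recertification campaign, to catch conflicts that predate the rule.
    """
    return sorted(
        (user, r.role_a, r.role_b)
        for user, roles in assignments.items()
        for r in rules
        if r.conflicts(roles)
    )


def sample_assignments() -> dict[str, set[str]]:
    """Constructed assignment store: bob already holds a toxic combination."""
    return {
        "alice": {"check_signer", "accounts_payable"},
        "bob": {"financial_advisor", "equity_trader"},
        "carol": {"check_approver"},
    }


if __name__ == "__main__":
    store = sample_assignments()
    print("existing violations:", audit_assignments(store))
    grant_role(store, "carol", "equity_trader")  # no rule involves this pair: allowed
    try:
        grant_role(store, "alice", "check_approver")  # alice already signs checks: refused
    except PermissionError as exc:
        print("refused:", exc)
```

Both functions take the rule set as a parameter so the same code can be used for a request-time hook and for a scheduled audit job; in a real deployment the rules would be loaded from the governance system's policy store rather than hard-coded.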