Definition
Specific instance of assigning a role to an identity — captures who, when, why, with what expiration. Direct (manually requested) or derived (HR policy → role mapping). Modern best practice: derived assignments via policies for scale, direct assignments tracked as exceptions requiring justification.
Application
- Audit-tracked in IGA platforms: every assignment captures requester, approver, justification, timestamp, expiration. Foundation for SOX, SOC 2, HIPAA audit evidence.
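The definition above describes two things an IGA platform has to do with assignments: derive them from HR attributes via policy, and treat direct assignments as exceptions that must carry an approver, a justification and an expiration. The following Python is an added illustration written for this entry, not code from the glossary or from any IGA product; the identities, departments, role names and policy names are constructed, and the audit rules are one reasonable reading of the audit-evidence requirements listed above.

```python
"""Role-assignment records: derived-from-policy vs direct exceptions.

Added example, not the glossary's or any IGA product's code. Identities,
departments, roles and policies below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class RoleAssignment:
    identity: str
    role: str
    source: str                      # "derived" (policy) or "direct" (manual request)
    requester: str                   # who asked for it ("policy-engine" for derived)
    approver: Optional[str]
    justification: Optional[str]
    granted_at: datetime
    expires_at: Optional[datetime]   # None = no expiration
    policy: Optional[str] = None     # policy name, only for derived assignments


# Constructed HR attributes for a handful of identities.
HR_RECORDS = [
    {"identity": "alice", "department": "Finance", "type": "employee"},
    {"identity": "bob", "department": "Engineering", "type": "employee"},
    {"identity": "carol", "department": "Engineering", "type": "contractor"},
]

# Constructed HR-attribute -> role policies. Each policy lists the attributes
# that must all match, the roles it grants, and a lifetime in days
# (None = no expiration; contractor access is deliberately short-lived).
POLICIES = {
    "all-staff-baseline": {"match": {}, "roles": ["email", "intranet"], "days": None},
    "finance-employee":   {"match": {"department": "Finance", "type": "employee"},
                           "roles": ["gl-read"], "days": None},
    "eng-employee":       {"match": {"department": "Engineering", "type": "employee"},
                           "roles": ["repo-write"], "days": None},
    "eng-contractor":     {"match": {"department": "Engineering", "type": "contractor"},
                           "roles": ["repo-read"], "days": 90},
}


def derive_assignments(hr_records, policies, now):
    """Apply every matching policy to every HR record; return derived assignments."""
    out = []
    for rec in hr_records:
        for name, pol in policies.items():
            if all(rec.get(k) == v for k, v in pol["match"].items()):
                expires = now + timedelta(days=pol["days"]) if pol["days"] else None
                for role in pol["roles"]:
                    out.append(RoleAssignment(
                        identity=rec["identity"], role=role, source="derived",
                        requester="policy-engine", approver="policy-engine",
                        justification=f"policy {name}", granted_at=now,
                        expires_at=expires, policy=name))
    return out


def audit_findings(assignments, now):
    """One finding per assignment that lacks the audit evidence an auditor expects."""
    findings = []
    for a in assignments:
        who = f"{a.identity}/{a.role}"
        if a.source == "direct":
            # Direct assignments are exceptions: they must be justified,
            # approved by someone other than the system, and time-bounded.
            if not a.justification:
                findings.append(f"{who}: direct assignment without justification")
            if not a.approver:
                findings.append(f"{who}: direct assignment without approver")
            if a.expires_at is None:
                findings.append(f"{who}: direct assignment without expiration")
        if a.expires_at is not None and a.expires_at <= now:
            findings.append(f"{who}: assignment expired on {a.expires_at.date()}")
    return findings


def example_run(now=None):
    """Derive assignments, add two constructed direct ones, and audit the lot."""
    now = now or datetime(2024, 1, 15, tzinfo=timezone.utc)
    derived = derive_assignments(HR_RECORDS, POLICIES, now)
    direct = [
        # A well-formed exception: approver, ticket reference, one-day expiry.
        RoleAssignment("bob", "prod-db-admin", "direct", requester="bob",
                       approver="dba-lead", justification="INC-1234 on-call fix",
                       granted_at=now, expires_at=now + timedelta(days=1)),
        # A stale, unjustified, unapproved direct grant that should be flagged.
        RoleAssignment("carol", "gl-read", "direct", requester="carol",
                       approver=None, justification=None,
                       granted_at=now - timedelta(days=400),
                       expires_at=now - timedelta(days=35)),
    ]
    return derived, audit_findings(derived + direct, now)


if __name__ == "__main__":
    derived, findings = example_run()
    print(f"{len(derived)} derived assignments")
    for line in findings:
        print("FINDING:", line)
```

The derived records carry the policy name as their justification, so a reviewer can trace each one back to the HR rule that produced it; the direct records are the ones that need human-supplied evidence, which is exactly what the audit pass checks for.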
Related terms
- Access Control (AC): Mechanism that determines whether a principal is permitted to perform a specific action on a specific resource. Includes …
- Delegated Administration (DA): Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …
- Role Management: Operational discipline of maintaining the role catalog — creating new roles, modifying existing roles, retiring obsolete …
- Access Management (AM): Discipline of granting and enforcing access to resources after identity has been established. Encompasses authentication …
- Birthright (BR): Baseline access granted automatically to every identity of a specific type — typically minimal access required to functi …
- Role Creation: Process of defining a new role in the role catalog — naming, description, business owner, included entitlements, approva …