Definition
Process of defining a new role in the role catalog: its name, description, business owner, included entitlements, and the approval requirements for assignment. Creation is governed: only role owners (or central role engineers) can create new roles, which prevents role explosion. Role mining recommendations accelerate creation.
Application
IGA workflow: role design → entitlement bundling → business owner approval → security review → catalog publishing. Role version control captures changes over time.
Related terms
- Birthright (BR)
  Baseline access granted automatically to every identity of a specific type — typically minimal access required to functi …
- Delegated Administration (DA)
  Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …
- Role Assignment (RA)
  Specific instance of assigning a role to an identity — captures who, when, why, with what expiration. Direct (manually r …
- Role Lifecycle Management (RLM)
  Discipline of designing, approving, deploying, certifying, modifying, and retiring roles throughout their useful life. I …
- Role Management
  Operational discipline of maintaining the role catalog — creating new roles, modifying existing roles, retiring obsolete …
- Role Mining (RM)
  Analytical process of discovering role patterns by analyzing existing access data — clustering users with similar entitl …