Designing an IAM Framework with Oracle Identity and Access Management Suite [Excerpt]
Source: Internet  Editor: 程序博客网  Time: 2024/05/22 08:23
The following passage is again excerpted from the book named in the title.
What do I mean by that? Well, the thing so many companies have gotten wrong is: they have 10,000 users and 30,000 roles. If I can do five different things as part of my job, then I have five roles. If the guy sitting next to me also has five different roles, then between us we have ten different roles. Ouch! I’ve actually heard of even worse examples, where organizations had literally millions of roles, with the excuse being, “Everybody is unique.” As a product manager at Oracle puts it, “When everybody is unique, nobody is unique.”
Let’s say I’m appearing in a Shakespeare play. Let’s go with Titus Andronicus, because it’s extremely violent and bloody, much like the software market. If I’m appearing as Titus in one theater, and there’s another production of the same play down the street, I’m not Titus-1 while the other guy is Titus-2. We’re both reading from the same script. We’re both Titus. We’ve both been assigned that same role. What’s different is our context, since we’re in different theaters, and besides that, I’m tall, swarthy, handsome, and articulate, and the other guy’s kind of ugly. But we both have the same essential role, speak the same lines, and end up in the same horrid way. So instead of 30,000 roles for 10,000 people, it should be 10,000 roles for 30,000 people.
But wait, there’s more! It should probably be more like 100 roles for 10,000 people, a vast order of magnitude less. Don’t turn a slight variation into an excuse for a whole new role. If the plastics division has a Quality Control Officer, and so does the metals division, then you have one role, with the context being the division. The grant of that role may still require different approvers; remember not to confuse the role with the granting of that role. But the baseline definition of the role will be consistent, yet flexible. Using context as a qualifier on a role keeps the number of roles from exploding.
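In summary: when defining roles, the best practice is to keep the number of roles as small as possible. Distinguish between role and context. For example, the fact that a person is the manager of some department can be treated as a role, but their location should be treated as a context. So when implementing an IAM project, take care not to design too many roles.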
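The role-versus-context split from the excerpt, as an added example that is not taken from the book or from any Oracle product: it collapses per-division role names into one baseline role plus a division qualifier on the grant, then checks access against role and context together. The user names, permission strings and the `Role-Division` naming scheme are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample: an "exploded" catalogue, one role name per division variant.
EXPLODED = {
    "alice": ["QualityControlOfficer-Plastics"],
    "bob": ["QualityControlOfficer-Metals"],
    "carol": ["Buyer-Plastics", "QualityControlOfficer-Plastics"],
}

# Hypothetical permission table: permissions attach to the baseline role only.
ROLE_PERMISSIONS = {
    "QualityControlOfficer": {"batch:inspect", "batch:reject"},
    "Buyer": {"po:create"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str      # baseline role definition, shared by every division
    division: str  # context qualifier on the grant, not part of the role

def consolidate(exploded):
    """Split 'Role-Division' names into a baseline role plus a context qualifier."""
    grants = set()
    for user, names in exploded.items():
        for name in names:
            role, _, division = name.rpartition("-")
            # Fail closed: a name that maps to no known role is never granted.
            if role not in ROLE_PERMISSIONS:
                raise ValueError(f"unmapped role name: {name!r}")
            grants.add(Grant(user, role, division))
    return grants

def role_count(grants):
    """Number of distinct role definitions left after consolidation."""
    return len({g.role for g in grants})

def is_allowed(grants, user, permission, division):
    """Allow only if the user holds a role carrying the permission in that division."""
    return any(
        g.user == user
        and g.division == division
        and permission in ROLE_PERMISSIONS[g.role]
        for g in grants
    )

GRANTS = consolidate(EXPLODED)
```

The three exploded names reduce to two role definitions, while the division check still keeps a Plastics officer out of Metals batches.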