The following passage is again excerpted from the book named in the title.

What do I mean by that? Well, the thing so many companies have gotten wrong is: they have 10,000 users and 30,000 roles. If I can do five different things as part of my job, then I have five roles. If the guy sitting next to me also has five different roles, then between us we have ten different roles. Ouch! I’ve actually heard of even worse examples, where organizations had literally millions of roles, with the excuse being, “Everybody is unique.” As a product manager at Oracle puts it, “When everybody is unique, nobody is unique.”

Let’s say I’m appearing in a Shakespeare play. Let’s go with Titus Andronicus, because it’s extremely violent and bloody, much like the software market. If I’m appearing as Titus in one theater, and there’s another production of the same play down the street, I’m not Titus-1 while the other guy is Titus-2. We’re both reading from the same script. We’re both Titus. We’ve both been assigned that same role. What’s different is our context, since we’re in different theaters, and besides that, I’m tall, swarthy, handsome, and articulate, and the other guy’s kind of ugly. But we both have the same essential role, speak the same lines, and end up in the same horrid way. So instead of 30,000 roles for 10,000 people, it should be 10,000 roles for 30,000 people.

But wait, there’s more! It should probably be more like 100 roles for 10,000 people, a vast order of magnitude less. Don’t turn a slight variation into an excuse for a whole new role. If the plastics division has a Quality Control Officer, and so does the metals division, then you have one role, with the context being the division. The grant of that role may still require different approvers; remember not to confuse the role with the granting of that role. But the baseline definition of the role will be consistent, yet flexible. Using context as a qualifier on a role keeps the number of roles from exploding.

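In summary, when defining roles, the best practice is to keep the number of roles as small as possible. Distinguish a role from its context: for example, the fact that a person is the manager of some department can be treated as a role, but his location should be treated as context. So when implementing an IAM project, take care not to design too many roles.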
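The Quality Control Officer case from the excerpt, modelled as an added example (not code from the book or from any Oracle product): one role definition, the division carried as context on the grant, and the approver looked up per role and context. All role names, permissions, divisions and approver names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data. One baseline role definition, shared by every division.
ROLES = {"quality_control_officer": {"inspection:read", "inspection:sign_off"}}

# The *granting* of a role varies by context; the role definition does not.
APPROVERS = {
    ("quality_control_officer", "plastics"): "plastics_division_head",
    ("quality_control_officer", "metals"): "metals_division_head",
}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    division: str  # context qualifier on the role, not part of its name

def grant_role(grants, user, role, division, approved_by):
    """Record a grant only if the approver for this role and context signed off."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role}")
    required = APPROVERS.get((role, division))
    if required is None or approved_by != required:
        raise PermissionError(f"{approved_by} cannot approve {role} in {division}")
    grants.add(Grant(user, role, division))

def is_allowed(grants, user, permission, division):
    """A permission applies only inside the context the role was granted for."""
    return any(
        g.user == user and g.division == division and permission in ROLES[g.role]
        for g in grants
    )

def role_counts(grants):
    """Roles to maintain: context as qualifier vs. one role per (role, context)."""
    contextual = {g.role for g in grants}
    exploded = {f"{g.role}_{g.division}" for g in grants}
    return len(contextual), len(exploded)

def build_sample():
    grants = set()
    grant_role(grants, "alice", "quality_control_officer", "plastics", "plastics_division_head")
    grant_role(grants, "bob", "quality_control_officer", "metals", "metals_division_head")
    return grants

if __name__ == "__main__":
    sample = build_sample()
    print(role_counts(sample))
    print(is_allowed(sample, "alice", "inspection:sign_off", "metals"))
```

With every additional division the exploded count grows by one while the contextual count stays at one, and the authorization check still keeps each holder inside the division the grant was approved for.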
