Identity Baseline Access Risk Tab
The Baseline Access Risk score is a measure of inherent risk. A user's Baseline Access Risk score rarely changes because their role within the enterprise is the primary factor in defining the score. This type of score ranges from 0 (lowest risk) to 1000 (highest risk).
Select one of the following options to define how IdentityIQ calculates base access risks. Each role, entitlement, and policy violation is assigned a score that falls into a band. The number of bands is configured on the Advanced Configuration page and applies to the entire IdentityIQ application.
To configure baseline access risk scores for role, entitlement, and policy violation access, navigate to Identities > Identities Risk Model and select the Baseline Access Risk tab.

Role Baseline Access Risk score is calculated based on the roles correlated to the identity. This list contains every role defined in IdentityIQ. To limit the number of items displayed in the list, filter the list by role name and type.
| Column | Description |
| --- | --- |
| Name | The name of the role. |
| Type | The role type as defined when the role was modeled. |
| Description | The description of the role as defined when the role was modeled. |
| Risk Level | The current risk level assigned to the role. |
Click on a role to display the configuration panel to see the role details and set or modify the risk level. Use the slider control to set the risk level or enter a value in the field on the right.

Entitlement Baseline Access Risk score is calculated based on the additional entitlements correlated to an identity. Additional entitlements are entitlements that are assigned to a user, but are not part of any of the roles assigned to that user.
Entitlements fall into two categories: Permissions and Attributes. A Permission is a privilege, such as create, read, update, delete, and execute. Attributes are customized user characteristics made up of an attribute / value pair, such as group / Administrators. A risk score is configured for each Permission and Attribute / Value pair in the system. A user's Entitlement Baseline Access Risk score is determined by summing the risks associated with each of the additional entitlements that they hold.
Use this page to add applications to the list and to work with the entitlements on each. The Entitlement Baseline Access Risk Configuration page contains the following information:
| Column | Description |
| --- | --- |
| Application | The name of the application with which the entitlements are associated. |
| Account Weight | The default score assigned to any identity that is assigned entitlements on this application. Account Weight scores are not compensated. This score is not applied to the identity risk score if the entitlements assigned to the user are all used as part of roles assigned to the user, or if the risk scores for all of the entitlements assigned to the user are zero based on certification rules. |
| Permissions | Click in this column to modify the weight assigned to the permissions for the associated application. Use the sliding bar or enter a value in the field on the right to modify permission weight. |
| Attributes | Click in this column to add, delete or modify the weight assigned to the attributes for the associated application. Select an attribute from the dropdown list, type an attribute name, and click Add to assign a weight to a new attribute, or modify an existing attribute in the list. Select an attribute using the checkboxes on the left and click Delete to remove an attribute from the list. |
To add an application to the list, select an application from the dropdown list on the bottom of the page. The list contains all of the applications configured to work with IdentityIQ that are not currently on the list. Use the Permissions and Attributes columns to add entitlements to applications for risk tracking.
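
The entitlement scoring rules described above, modeled in Python as an added example; it is not SailPoint code and not part of the original page. The function and field names, the sample weights, the per-application grouping, and clamping the total to 1000 are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_SCORE = 1000  # the page gives a 0-1000 range; clamping the sum is an assumption


@dataclass(frozen=True)
class Entitlement:
    application: str
    name: str    # permission target or attribute name, e.g. "group"
    value: str   # permission right or attribute value, e.g. "Administrators"


def entitlement_baseline_risk(held, role_granted, weights, account_weights,
                              certified_zero=frozenset()):
    """Return (total, per-application breakdown) for one identity.

    held            entitlements on the identity's accounts
    role_granted    entitlements already covered by the identity's roles
    weights         configured risk per Permission or Attribute / Value pair
    account_weights configured Account Weight per application
    certified_zero  entitlements whose score certification rules reduced to zero
    """
    by_app = {}
    for ent in held:
        by_app.setdefault(ent.application, []).append(ent)

    breakdown = {}
    for app, ents in by_app.items():
        # Only additional entitlements (held outside any assigned role) are scored.
        additional = [e for e in ents if e not in role_granted]
        scores = [0 if e in certified_zero else weights.get(e, 0) for e in additional]
        app_score = sum(scores)
        # Account Weight is added in full (never compensated) unless everything
        # is role-covered or every remaining score is zero.
        if any(s > 0 for s in scores):
            app_score += account_weights.get(app, 0)
        breakdown[app] = app_score
    return min(sum(breakdown.values()), MAX_SCORE), breakdown


# Constructed sample data, not taken from a real deployment.
AD_ADMINS = Entitlement("Active Directory", "group", "Administrators")
AD_USERS = Entitlement("Active Directory", "group", "Domain Users")
ERP_DELETE = Entitlement("ERP", "invoices", "delete")
WEIGHTS = {AD_ADMINS: 400, AD_USERS: 10, ERP_DELETE: 250}
ACCOUNT_WEIGHTS = {"Active Directory": 50, "ERP": 100}

if __name__ == "__main__":
    print(entitlement_baseline_risk(
        held=[AD_ADMINS, AD_USERS, ERP_DELETE], role_granted={AD_USERS},
        weights=WEIGHTS, account_weights=ACCOUNT_WEIGHTS))
```

With the sample data, the role-covered group membership contributes nothing, while each application that still has a scored additional entitlement also contributes its full Account Weight.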

Policy Violation Baseline Access Risk score is calculated using policy violations that are detected for a user based on defined policy rules. A risk score is configured for every rule in each policy or for the policy if no rules apply. This score is calculated by taking the sum of the risks associated with every policy or rule that the user violates.
Use the Policy Violation Baseline Access Risk page to view and modify the risk level associated with each policy or policy rule defined. The page is divided into tables based on policy type. If the policy does not contain rules, set the risk level for the entire policy. Use the slider or type a value in the field to the right.