Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

Overview

Profiles and profile grants Profile Grants are designed to improve efficiency across the organization, they . They are the evolution of Business Roles. Activated profile grants can reduce , allowing for more streamlined user onboarding and cutting back the number of permissions to be reviewed in User Access Reviewsaccess reviews. Profile grants also allow you to quickly onboard users, ensuring that they have appropriate permissions from the start. Profile grants have one of two levels, birthright or come in two levels: birthright and suggested, giving admins administrators more control over which permissions are provisioned during onboarding. Both birthright and suggested profile grants can be pre-approved in an access review.

Terminology

Profile: A collection of user demographic properties based on roles in your organization, for example such as Department = Engineering & Title = Engineer. A user may be associated with zero or more profiles, and there may also be a profile for All Users.

Profile grant: Mapping A mapping between a profile and a permission.

Birthright level: Birthright level indicates Indicates that all users in the profile should have the permission.

Suggested level: Suggested level indicates Indicates that all users in the profile may have the permission.

Profile grant states:

  • New - : Grants suggested by Zilla but not yet activated.

  • Activated - : Grants that are used for onboarding and access reviews.

  • Deactivated - : Grants that are no longer used.

...

  • Activate Grant - Makes profile grants eligible for onboarding and access reviews.

  • Deactivate Grant - Declined grants will not be used for onboarding nor access reviews.

  • Reassign Approver - By default, the Technical Owner of the permission’s application is the approver of the profile grant. Reassignment can be to TBD.

  • Edit Level - Zilla suggests Zilla’s suggestion of either birthright or recommended but this suggested can be manually overridden.

...

Generating Profiles

The Zilla administrator initiates profile generation. The tenant’s data is analyzed to create a collection of profiles each with a collection of profile grants. Profile grants originate in the New state and must be activated before they can be used in an access review or for provisioning, they must be activated. By default, an application or permission owner is responsible for reviewing and activating profile grants, but Zilla admins can also activate.

See How to

...

Generate Profiles for a step-by-step guide.

Customizing Profile Generation

After the initial profile generation, the administrator can re-generate profiles and specify the scope in terms of the population and which demographic values to use. The user demographic fields that are available to choose from are based on this particular the tenant's collected user metadata. In order to be included, the field must be collected and populated. They may  The administrator can also change the system defaults regarding minimum quality and population of profiles.

...

TBD: How-to video? Or a step-by-step?

New ProfilesNew Profiles

When Profiles are generated they are initially in the New state.

...

(1) Profiles grants can be viewed in several different ways: By Profile, By Application, List.

...