...
Profiles and Profile Grants are designed to improve efficiency across the organization. They are the evolution of Business Roles, allowing for more streamlined user onboarding and cutting back the number of permissions to be by allowing data owners to pre-approve user permissions based on users' attributes. They enable more streamlined and accurate user onboarding as well as reducing the volume of permissions that must be individually reviewed in access reviews. Profile grants come in two levels: birthright and suggestedcan be either birthright or suggested level, giving administrators more control over which permissions are provisioned during onboarding. Both birthright and suggested profile grants can be used to pre-approved approve permissions in an access review.
Terminology
...
Profile grant: A permission that Zilla recommends be granted to users matching a specific profile definition like: Department=Engineering & Permission=Github Members. Grants will be proposed by Zilla based on a high percentage of those profile users already having the permission. The application or permission owner may accept and activate a recommended profile grant.
Birthright level: Indicates that all users in the profile should have the permission.
...
Activate Grant - Makes profile grants eligible for onboarding and access reviews.
Deactivate Grant - Declined Deactivated grants will not be used for onboarding nor access reviews.
Reassign Approver - By default, the permission owner or the Business Owner of the permission’s application is the approver of the profile grant. Reassignment can be to any other owner (business, technical, additional) of the relevant application.
Edit Level - Zilla’s suggestion of either birthright or suggested can be manually overridden.
Generating Profiles
The Zilla administrator initiates profile generation. Zilla uses machine learning to analyze the tenant’s data to recommend a collection of profiles each with a collection of one or more profile grants. Profile grants originate in the New state and must be activated before they can be used in an access review or for provisioning. By default, an application or permission owner is responsible for reviewing and activating profile grants, but Zilla admins can also activate.
...