Hi
We are building an enterprise identity and access management. For that purpose I I want to build an overall organisational chart that contains all the roles. These roles are organised in groups, so I want to put the groups in the org chart. I have been told not to put the groups as roles, but as groups. But how can I add the groups to the org chart?
Also it seems not usual to put roles into org charts. So what would then be the place to design a role model?
Thanks and regards
Bertin
Hello M.
Thanks for your comment. Doing a IAM project we are focusing on the roles. We have led about 200 interviews to understand what are the activities that belong to the roles. Now we want to put the roles into a structure, where the roles are the leaves (as you have pointed out). Up to now I thought this structure had in an organisational chart. Is there an alternative in Aris? And what type of object are the nodes that connect the leaves? Are these groups?
The actual organisation is not so relevant, or not part of this project, because it is constantly changing. So what is then the best way to go forward?
Regards, Bertin
Hello Bertin,
what is your exact purpose of organizing the roles in groups or a tree hierarchy? Is it common ownership of the roles? Or are they "packages" of roles that will be assigned to some user all at once?
Are the activities you gathered in your interviews steps in documented processes, such as EPC or BPMN? Or are they merely IT functions you want to authorize? Most of the time roles are defined by the process context in which they participate in activities. A sensible grouping for roles could hence be their common process context, where they perform activities.
Regards, M. Zschuckelt
M. Zschuckelt on
Hello Bertin,
indeed, don't do that. Your org-chart has got little to do with the role model. Consider, that the link between the leaves of the organizational chart (positions, held by real people) and the things these people are supposed to do is an individual management decision: Mr. Doe, please take care of the service desk as from today.
I'm exaggerating a bit, but such decisions occur daily in larger organizations. And this decision is independent of other decisions about what else Mr. Doe should do for the organization. So Mr. Doe will take on multiple roles. And probably he also gets a different set of roles compared to other people in his organizational unit. Maybe even people from different organizational units occasionally play the same role. So where do you want to manage sets of roles in your organizational chart? It doesn't work.
Yes, you need someone responsible for describing a role! Find him in your org-chart. Think of a role as the smallest unit of responsibility the management ever wants to delegate. Then you manage a matrix of people at the nodes (management) and leaves (non-management) of your org. chart against roles on the other axis. Model the roles in your processes as the subjects acting in the process and you can delegate the roles to whoever management sees fit to perform that role. If software is sensitive to roles, a directory service like your identity and access management will manage that matrix of who currently can act in a certain role and hence the software will allow access to everything specific to that role.
Regards, M. Zschuckelt