What Can Users Access

Manage across platforms, resources and the organization

The Contouring Engine® focuses on organization-wide management. The engine is designed to manage entitlements across multiple platforms, assisting in role development that can span an entire organization. Establishing "What Can" a user access, The Contouring Engine® reaches out and gathers all current entitlements and permissions. Whether they are associated with each identity or span all platforms, the engine consolidates this information into a single profile of current entitlements for every identity.

Granularity for entitlements is fully configurable by platform. Entitlements can be configured broadly for application or server access or finely for file and folder access. Furthermore, once accessed, individual entitlements can be restricted to permission detail. This can also apply to specific transactions an identity is allowed to perform within an application.

It is important to note that solutions that base roles on current entitlements only do nothing to reign in excessive access—a condition that has proliferated many security infrastructures.

The Prodigen solution provides features that far surpass this common problem including:

• Identity centric repository for all entitlements
• Multi platform, domain, LPAR and application
• One stop view of all entitlements
• The ability to establish roles based upon only current entitlements
• The ability to establish roles based upon the preferred combination of "What Can" and "What Do" users access
• Facilitation of entitlement reviews through delivering information to managers that depict current entitlements of individuals across multiple platforms (when combined with what users actually use, managers can be confident in recommending reductions in entitlements)