Role Mining
Role mining analyzes who holds what across the entitlement catalog and surfaces candidate roles — entitlement sets shared by enough peers to be worth turning into a managed role.
Admin console: /admin/role-mining
Concepts
- Candidate role — a set of entitlements held in common by a group of identities.
- Members — the identities that share the candidate set.
- Minimum members — the threshold (peer count) above which a shared set is proposed as a role.
How it works
The miner groups identities by their identical entitlement sets. Any set shared by at least the configured minimum members becomes a candidate role, ranked by how many people hold it. From a candidate you can promote it into a managed role so future access is granted as one unit rather than entitlement-by-entitlement.
Typical workflow
- Open
/admin/role-mining. - Set the minimum-members threshold.
- Review the ranked candidate roles and their members.
- Promote strong candidates into managed roles.
Related
- Entitlement Catalog — the source data for mining.
- Access Recommendations — peer-based suggestions for individuals.