Gartner Research


Published: 03 June 2008

ID: G00203516

Analyst(s): Gerry Gebel, Kevin Kampman


Burton Group introduces an update to the Identity and Privacy Strategies Reference Architecture with a revision to the "Roles" technical position. Changes include updates to various role-engineering vendor offerings and capabilities. This technical position discusses the architectural alternatives for planning a role-based deployment, including the determination of the scope of the role-development project, uses of roles, role-development methodology choices, and assignment of roles.

Table Of Contents

Decision Point

Typical Requirements

  • Consistent Representation and Enforcement of Policy
  • Legal, Regulatory, and Policy Compliance
  • Attaining Administrative Efficiency and Scalability
  • Improve Flexibility of Business
  • Enhance User Experience Through Personalization
  • Governance and Lifecycle Management


  • Role Implementation Challenges
  • Choices for Policy Constructs
  • Scope of Role Deployment
  • Determining Role Usage
  • Role Creation and Administration
    • Role Discovery
    • Granularity of Roles
    • Depth of Functionality
    • Role Relationships
    • Assignment of User Roles

Future Developments

  • More Role-Discovery Tools
    • Wider Adoption of ANSI Roles Standard
    • Emergence of BPM Tools for Role Discovery

Evaluation Criteria

Statement & Basis for Position

  • Scope of Roles Position
    • Develop roles for use across many functional and application areas enterprise-wide.
    • Follow a tactical approach focused on a specific application or domain.
    • Create limited inter-enterprise role definitions.
    • Don't create roles.
  • Role Usage Position
    • Use roles across all administrative functions and for additional functional and application areas.
    • Use roles where tactically appropriate.
  • Role-Creation Methodology Position
    • Use a combination of top-down and bottom-up analysis.
    • Use a primarily bottom-up approach.
    • Use a primarily top-down approach.
  • Granularity of Roles Position
    • Create roles that have a small number of permissions.
    • Create general-purpose roles.
  • Mapping of Roles to Permissions Position
    • Create a set of user roles that reflect business-level job functions and a separate set of IT roles that encapsulate sets of permissions.
  • Depth of Functionality Position
    • Assess the risk of application functions and prioritize which functions are included in role definitions.
  • Role Relationships Position
    • Use at least a two-level role hierarchy.
    • Create additional levels.
    • Use a flat model for role definitions.
  • Assigning User Roles Position
    • Use automation to assign roles.
    • Use manual administration or request-based systems to assign roles.

Relationship to Other Components

Revision History

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
