Often authorization for access to applications and/or physical locations is de-centrally managed in the applications themselves by system administrators with no central view for management or auditors. The Role Based Entitlement Access Management (RBEAM) application solves this by:
· Providing the ability to define Entitlements (which can by logical or information systems or physical locations) and the roles (i.e., responsibilities or privileges) that need to be managed.
· Catalog item for requesting new access, updating existing access (role/responsibilities) and access de-activation to any Entitlement.
- Workflows for governing the authorization process to the various Entitlement and accompanying Roles (privileges / responsibilities).
- Model user access to quickly change or setup access based on existing configurations.
- Reports and Dashboard supporting audits and other regulatory / compliance requirements.
In an example use case, a customer using Oracle Financials needed to track not just who had access to Oracle Financials, but what level of access each person was authorized to have. Previously, the process for managing each person’s financial responsibilities was loosely done over emails and spreadsheets creating a time-consuming nightmare for validation and audits.
Using the powerful combination of ServiceNow and RBEAM, the Oracle Financial Entitlement was created and configured with all of Oracle’s out-of-the-box roles (responsibilities). A one-time upload of existing user/responsibilities was done and from there onward, requests for new access, updates to existing access or disabling user access was done using RBEAM. This allowed for improved transparency, organization, and automation for enabling and disabling access to the folks using the service while simultaneously providing the evidence capture needed for audit time (e.g., who approved it, when it was granted, justifications for the request).
· Catalog item for managing Entitlements: Create new Entitlements, Modify Existing Entitlements, Decommission Entitlements. Accessible by those with ITIL role. Includes workflow for reviewing / approving by the manager of the Entitlement.
· Catalog item for managing Entitlement responsibilities (roles/privileges): A simple bulk-updating interface to Checklist Pro managing all checklist items representing the roles (responsibilities / privileges) associated with any Entitlement. Includes workflow for the Entitlement Manager to review / approve of roles / responsibility changes before they become official. Accessible by Checklist Pro Administrators.
· Catalog item for managing Entitlement access by employees (users). Allows for assigning new Entitlement access, modifying existing entitlement roles (responsibilities / privileges) and disabling access. Accessible by all users. The underlying workflow directs the request first to a configuration / review team for approval and update before final approval / update by the Entitlement manager. With all parties approving, the support group is tasked with fulfillment of the request.
· Dashboard with reports and filtering options as a one-stop-shop supporting all authorized access.
New Features
- Allow user to define the workflow approval process on an Entitlement by Entitlement basis. By default, processing for Entitlement Access proceeds as follows:
- Authorizing Access - Review and possible request updates by:
- Configuration Group
- Entitlement Manager
- Fulfillment (Provisioning) Task to Entitlement Support Group to enable / disable access
- Authorizing Access - Review and possible request updates by:
- Any of the above mentioned steps is now optional and under the configurable control through the Manage Entitlement catalog item.
Bug Fixes
- Removal of erroneous Cross Application Scope error message
Runs on the ServiceNow Platform.
Checklist Pro (ServiceNow store application) must be pre-installed.