Permissions Management Gains Urgency - 04 Oct 2007

"Entitlement management" is maybe a slightly fancier term for what admins in a Microsoft environment might call permissions management—that is, controlling who gets access to what resources. Microsoft admins are accustomed to controlling access to applications and data by using Group Policy. You could, perhaps, think of Securent's Entitlement Management Solution (EMS) as Group Policy on steroids—it lets you set, control, and audit fine-grained access policies for both Microsoft and non-Microsoft applications and databases from one console and is designed so that business users can set policies for the content they manage. EMS is based on the Organization for the Advancement of Structured Information Standards (OASIS) consortium's Extensible Access Control Markup Language (XACML).

Sekhar Sarukkai, Securent CTO and cofounder, described multiple scenarios in which entitlement management can be key to large enterprises and possibly some smaller businesses too. A medical group might want to give patients the ability to determine which information on their medical records a consulting doctor should be able to see and which data points family members should be able to see. A financial services company with Microsoft SharePoint might want to enforce an enterprisewide policy that prohibits analysts from publishing insider information on their internal SharePoint sites until the data is public.

The EMS agent for Microsoft SQL Server intercepts queries to the database and checks users' permissions before returning results. The results shown might differ depending on who launched the query. For example, one user might not see Social Security numbers, while another user is authorized to view them.
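The per-user result filtering described above can be modeled as a policy decision point plus an enforcement point; this is an added illustration, not Securent's code and not XACML syntax. It borrows XACML's Permit/Deny/NotApplicable decisions and deny-overrides combining. The role names, column names, sample row, masking of the returned rows, and the fail-closed handling of NotApplicable are all assumptions made for the example.

```python
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass(frozen=True)
class Rule:
    effect: str          # PERMIT or DENY
    roles: frozenset     # subject roles the rule targets
    columns: frozenset   # resource columns the rule targets ("*" = any column)

    def matches(self, role, column):
        return role in self.roles and ("*" in self.columns or column in self.columns)


def decide(rules, role, column):
    """Decision point: combine matching rules with deny-overrides."""
    decision = NOT_APPLICABLE
    for rule in rules:
        if rule.matches(role, column):
            if rule.effect == DENY:
                return DENY          # a single matching Deny wins
            decision = PERMIT
    return decision


def enforce(rules, role, rows, mask="***"):
    """Enforcement point: return rows with every non-permitted value masked.

    Anything other than an explicit Permit (Deny or NotApplicable) is masked,
    so a role that no rule mentions sees no data (fail closed, an assumption).
    """
    return [
        {col: (val if decide(rules, role, col) == PERMIT else mask)
         for col, val in row.items()}
        for row in rows
    ]


# Constructed policy: clerks and HR admins may read all columns,
# but clerks are denied the Social Security number column.
POLICY = [
    Rule(PERMIT, frozenset({"clerk", "hr_admin"}), frozenset({"*"})),
    Rule(DENY, frozenset({"clerk"}), frozenset({"ssn"})),
]
# Constructed query result standing in for what the database returned.
ROWS = [{"name": "A. Example", "dept": "Finance", "ssn": "000-00-0000"}]

if __name__ == "__main__":
    for role in ("clerk", "hr_admin", "contractor"):
        print(role, enforce(POLICY, role, ROWS))
```

Running the same query result through `enforce` for three roles shows the clerk with the SSN masked, the HR admin with it visible, and the unlisted contractor with every value masked.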

Sarukkai mentioned that using virtual machine (VM) technology for server consolidation and other purposes is a big trend at enterprises. Entitlement management can help companies enforce policies that specify who can set up VMs and what applications and data a virtual desktop can access.

Another big driver for a centrally managed entitlement management solution is the reporting and auditing requirements of state and federal regulations, according to Sarukkai. Auditing one set of policies managed from one console could be easier than auditing multiple sets from various applications and databases.

