Group Mining
Incorporating Group Mining in ABAC Model Attribute Hierarchy
Last updated
Incorporating Group Mining in ABAC Model Attribute Hierarchy
Last updated
Our Group Mining feature ensures your attribute model is set up in no time. It intelligently recommends which Entra ID groups to link with each attribute, guided by the number of users in those attributes, making the setup process quick and straightforward.
Please make sure you read and follow the Learn the basics guide before starting to use the Group Mining feature.
The Group Mining feature suggests permissions (Entra ID Groups) for the specific attribute based on the setup of your current user-group relations within your Azure Entra Tenant.
24 users have the attribute Location: "New York" 4 / 24 (=17%) users with this location have the permission: "Microsoft Dynamics 365" Now it's up to you to decide whether you want to add "Microsoft Dynamics 365" to the attribute "New York"
The question you should ask yourself in this particular example is: Is a matching percentage of 17% enough to justify adding "Microsoft Dynamics 365" to all users with Location "New York," or would it be more suitable to allocate it to a higher level (such as department) or perhaps even a lower level (such as job title), especially when there is a license cost involved?
80 users have attribute Department: "Information Technology" 48 / 80 (=60%) users in this department have the permission: "Freshworks" Now it's up to you to decide whether you want to add "Freshworks" to the attribute "Information Technology"
The question you should ask yourself in this particular example is: Is a matching percentage of 60% enough to justify adding "Freshworks" to all users with Department: "Information Technology," or would it be more suitable to allocate it to a lower level such as Location or Job Title, especially when there is a license cost involved?
15 users have attribute Job title: "Sales Manager" 12 / 15 (=80%) of those Sales Managers have the permission: "Tableau" Now it's up to you to decide whether you want to add or remove "Tableau" from the users with the attribute "Sales Manager"
Job Title is the lowest level, this means you only have three options:
Add Tableau to the attribute Sales Manager.
Remove Tableau from all Sales Managers.
Leave it as it is.
When utilizing Group Mining as part of the attribute hierarchy strategy, consider the following guidelines:
Data-Driven Decisions: Use Group Mining insights to inform permission assignments, ensuring they are justified by actual usage and need within the organization.
Hierarchical Considerations: Evaluate whether permissions suggested by Group Mining are best applied at the Department, Location, or Job Title level, in alignment with the overarching principles of efficiency, security, and manageability.
Cost-Benefit Analysis: Always consider the implications of adding or removing permissions, including license costs and the impact on operational flexibility.
Using our Group Mining feature in the RBAC setup gives IT teams a strong advantage in managing access controls. It uses the data you already have about who's in what group to help make smarter choices about who should have access to what. This way, you ensure everyone gets the access they need without compromising security. It's all about making sure permissions fit perfectly with what users need for their jobs and keeping everything tight security-wise.
