IBM Security Identity Governance and Intelligence, Version 5.2

Define a data set

The first step is to define the relevant perspectives through the data definition.

The figure below represents an example of data definition:

Figure: Define data set

As shown in the figure above, the OUs, applications, user attributes and/or entitlement attributes to analyze can be grouped in a data set. You define the data set by putting the elements of interest in a White List (WL), so that they are analyzed, and/or by entering elements in a Black List (BL), so that they are discarded.

As displayed in the figure below:

Figure: Definition of data set using BL and WL

For example, you can build a data set with all users that have the attribute A1=X.

To do this, insert A1=X in the WL.

In this case, the data set contains users U1 and U2.

Now add another filter.

We still want all users with A1=X, but we do not want users with attribute A3=2.

To do this, insert A3=2 in the BL.

In this case, U2 is not included in the data set, because U2 matches A1=X in the WL but also matches A3=2 in the BL.

The final data set contains only user U1, because U1 is the only user whose attributes match the constraints indicated above.

In this way, when the risk analysis is performed on the data set, only the users that have the right attributes are involved (according to the WL and BL).

You can apply the same process shown in the figure above to the entitlement attributes involved in the desired application.

You can also apply all these criteria at the same time to build any data set you need.

Note: If a value of an object (OU, application, user attribute, entitlement attribute) contained in the White List is also specified in the Black List, that object is not considered when the data is analyzed.
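The WL/BL walkthrough and the Note above can be modelled in a few lines. This is an added illustration, not IBM code: the function names, the user U3 and the attribute values are constructed, and it assumes a user is selected when it matches at least one WL entry and no BL entry.

```python
# Added illustration of White List / Black List data set selection.
# Not IGI code. Assumption: a user is selected when it matches at least
# one WL entry and no BL entry, so a Black List match always wins.

# Constructed sample users. Values follow the walkthrough: U1 and U2 have
# A1=X, and only U2 (plus the constructed U3) has A3=2.
USERS = {
    "U1": {"A1": "X", "A2": "k", "A3": "1"},
    "U2": {"A1": "X", "A2": "k", "A3": "2"},
    "U3": {"A1": "Y", "A2": "j", "A3": "2"},
}


def matches(attrs, entries):
    """True if any (attribute, value) entry applies to the user."""
    return any(attrs.get(name) == value for name, value in entries)


def build_data_set(users, white_list, black_list=()):
    """Return the sorted names of users the risk analysis would cover."""
    selected = []
    for name, attrs in users.items():
        if not matches(attrs, white_list):
            continue  # not an element of interest
        if matches(attrs, black_list):
            continue  # Black List overrides a White List match
        selected.append(name)
    return sorted(selected)


def overlapping_entries(white_list, black_list):
    """Entries present in both lists; per the Note they are not considered."""
    return sorted(set(white_list) & set(black_list))


if __name__ == "__main__":
    wl = [("A1", "X")]
    print(build_data_set(USERS, wl))                   # WL only
    print(build_data_set(USERS, wl, [("A3", "2")]))    # WL plus BL filter
    print(build_data_set(USERS, wl, [("A1", "X")]))    # same value in both
    print(overlapping_entries(wl, [("A1", "X"), ("A3", "2")]))
```

Checking for overlapping entries before running an analysis shows which White List items are silently dropped, and therefore which objects the risk analysis will not cover.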