Major Australian Banking Institution
Mainframe Role Based Access Control
Project Summary
In late 2006, Anson Consulting was engaged to assist with a feasibility study into applying Role Based Access Control (RBAC) in the bank's mainframe environment. We were re-engaged to provide the lead identity management consultant for the design and proof of concept; development of the business case; implementation; and finally transfer to operation of a new RBAC model. The project was completed in early 2010.
Project Outcome
The new account management model meets the Bank's audit requirements with reduced compliance overheads.
Prior to its introduction, approximately 6000 users of the mainframe environment had access privileges that bore limited relation to their functional activities. There was little or no understanding of the significance of the access privileges assigned to any individual user.
The new model has provided one well-defined and managed role for every 7 or 8 users, with no loss of function for any user. At this stage no additional discretionary access is required for any user, although the model does allow for this.
Roles are focused on business function and are owned and managed by business line management supported by the Access and Identity Management team. Operational controls have been developed and implemented to ensure that accounts continue to match the precise requirements of the user's job function through organisational and job function changes, resulting in very high levels of access integrity and approval from internal audit and risk management groups.
The model was developed with significant user consultation. Implementation was undertaken in close cooperation with user business units. As a result of this, the access model has received a very high degree of user buy-in and acceptance and the implementation has resulted in very positive feedback from management—both non-technical and technical—and users.
Management Information Technology & Medical Science Consulting