Role Mining Stage 1

Create a trusted entitlement catalog before you mine roles.

Catalog every entitlement with stable naming, accountable ownership, sensitivity, and baseline-access context so downstream mining runs on governed access data instead of connector noise.
Cataloged entitlements 1,248 All access items under governance
Pending review 34 Missing ownership, tags, or annotation
Broad access 412 Large or baseline groups needing scrutiny
High risk 27 Privileged or sensitive access indicators
Last ingest Checking...

Reading latest connector telemetry.

Source coverage Checking...

Comparing cataloged entitlements to the scanned group source.

Total scanned objects Checking...

Summarizing users and groups seen in the latest ingest.

Catalog completeness Checking...

Determining whether the catalog fully reflects the latest scanned source.

Catalog Curation Queue

Review the entitlements that still need ownership, sensitivity, annotation, or broad-access decisions before they progress to later mining stages.

0 rows scored 0 selected 0 high risk 0 baseline review 0 matching rows

Click Suggest values to bulk prefill the current queue. Final approval still happens one item at a time.

Annotation Privileged access Ownership gaps Broad access
Entitlement Classification Owner Sensitivity Breadth Status Suggestion Action
Loading live entitlement catalog...

Classification and Source Footprint

Measure how much of the catalog is documented, owned, sensitivity-tagged, and correctly identified as broad or focused access.

Coverage focus
Annotated entries 1,093

88% include description or annotation.

Ownership assigned 918

74% has a clear business or technical steward.

Broad access groups 836

Large or baseline groups should be flagged before candidate generation.

Review backlog 19

Entries missing owner, sensitivity, or annotation.

Top entitlement families
  • Loading catalog footprint Grouping live entitlements by classification and scope.
    Live
Birthright and baseline access, such as default domain membership, should stay in the catalog but be tagged as foundational access instead of being promoted into candidate business roles.

Membership and Exposure Distribution

See which entitlements reach the widest population and where baseline access could distort later mining output.

Top 7 entitlements Top 15 entitlements
Largest entitlement 184 Highest recorded member count in the catalog.
Average members 96 Mean entitlement population across live records.
Security enabled 42 Groups carrying enforceable access control semantics.
Broad access rate 33% Share of catalog marked broad or large-reach.

Catalog Health

Governance indicators that decide whether the catalog is trustworthy enough for mining.

Governance
Ownership assigned Business or technical steward attached.
918 74%
Sensitivity tagged Catalog entries with explicit sensitivity classification.
33% 412 tagged entitlements
Broad access groups Baseline or large population groups that need careful handling.
836 Backlog to prioritize
Review backlog Entries still missing minimum curator metadata.
19 Needs intervention

Curation Priorities

Focus first on entitlements that materially affect role quality or audit readiness.

  • Loading priorities Scoring live entitlements by review backlog, risk, and breadth.
    Live
IAM/IGA Portal — Internal Use Only. See documentation for policies. Copyright © 2026. All rights reserved.