Simulation

Simulations aim to assess the impact of a modification in the role model, i.e. any modification of a role or rule, before it is applied.

Overview

Identity Manager's simulations gather roles and rules which are to be created, modified or deleted, without being inserted in the actual role model straight away. More specifically, a simulation can involve:

• Resource Correlation Rule and Resource Classification Rule ;
• Resource Type and Resource Type;
• Resource Type rules;
• Single Role and Composite Role ;
• Single Role Ruleand Composite Role Rule.

A simulation can also be created by the Perform Role Mining for the automation of role assignments.

Through simulation, integrators can:

1. create, modify or delete roles and rules in a given policy;

   Only one simulation can be active per policy.

2. observe via simulation reports the impact on the whole system, i.e. both assignments and provisioning results, before the changes are applied;

3. decide to confirm or cancel changes.

Netwrix Identity Manager (formerly Usercube) recommends using simulation whenever performing an action (creation/modification/deletion) on the role model.

Perform a Simulation

See the Perform a Simulation for additional information.

Perform a Simulation

How to assess the impact of a modification on the role model, including the role catalog, role assignment rules and resource correlation rules, using a dedicated Create a Policy. See the Create Roles in the Role Catalog , Automate Role Assignments Correlate Resources , and Create a Policy topics for additional information.

Overview

Identity Manager's simulations gather roles and rules which are to be created, modified or deleted, without being inserted in the actual role model straight away. More specifically, a simulation can involve:

• Correlation rules and classification Rule;
• Scalar rules and navigation rules;
• Resource Type rules;
• Single Role and Composite Role ;
• Single Role Rule and Composite Role Rule.

See the Correlate Resources Resource Classification Rule , and Resource Type topics for additional information.

A simulation can also be created by the Perform Role Mining for the automation of role assignments.

Through simulation, integrators can:

1. create, modify or delete roles and rules in a given policy;

   Only one simulation can be active per policy.

2. observe via simulation reports the impact on the whole system, i.e. both assignments and provisioning results, before the changes are applied;

3. decide to confirm or cancel changes.

NETWRIX recommends using simulation whenever performing an action (creation/modification/deletion) on the role model.

Participants and Artifacts

Integrators are able to perform simulation if they master the new role model.

Input	Output
Role catalog (optional) Automate Role Assignments (optional) Categorize Resources (optional)	Updated role model

See the Create Roles in the Role Catalog , Automate Role Assignments , and Categorize Resources topics for additional information.

Launch a Simulation

Launch a simulation by proceeding as follows:

1. Access the simulation list by clicking on Simulations on the home page, in the Configuration section.

   

   

2. Create a new simulation by clicking on the addition button at the top right corner.

   

3. Fill in the fields.

   

4. Click on + Create.

5. Perform changes through the Roles Changes and Rules Changes tabs and the following icons, respectively for addition, modification and deletion:

   

   

   

   At any time, you can click on the line of a previously made change to access its description, even click on Cancel to erase it.

   

6. Click on Start to launch the simulation.

   

7. After a few seconds, click on Refresh to display the simulation results.

8. Observe the results in the overview and in the Excel report available via the Download button.

   

Shift from Simulation to Production

After all needed changes have been simulated, you can decide to apply or cancel them.

Then, the simulation is no longer active.

Clicking on Apply applies the simulated changes to the role model. You need to launch the Compute Role Model Task to observe the actual changes in users' entitlements.

Impact of Modifications

Once you've applied or canceled the changes of a simulation, said simulation is no longer active. If you still need to simulate changes on the same policy, you can create a new simulation.

Deleting a simulation doesn't impact the role model. It simply undoes the simulated changes which haven't been applied yet.

Verify Modification

In order to verify the process, check that the roles and rules are created with the right parameters.

For roles, click on Access Roles on the home page in the Configuration section.

Select the type of role that you want to check, and find the roles you created inside the right category and with the right parameters.

For rules, click on Access Rules on the home page in the Configuration section.

Select the type of rule that you want to check, and find the rules you created with the right parameters.