+
  Policy’s role in authorization, XACML today, & OpenID’s new policy charter Listen to the podcast  

Fortune 500 Transportation Company Simplifies Access Control for 175,000 Users

One of the largest freight transportation companies in the world, with over 50,000 employees, stores and manages data with access in mind for over 175,000 user accounts. Over the past 50 years, the company has solved difficult technical problems for this population with innovative, forward-thinking solutions. With time however, the company had outgrown its systems, affecting how the company manages user access. Historically, its authorization data and decisions were made from roles stored in enterprise systems, databases, or within application code, without a consistent, successful implementation.

Challenges

Siloed Data

  • Authorization data stored in many systems
  • Data is often times duplicated
  • The same type of authorization request from different sources could yield different results

Role Explosion

  • The company initially had 3,775 roles with 176,000 assigned users and within 3 years
    those numbers had grown to 54,000 groups and over 800,000 user assignments.
  • Due to the increasing number of different roles, the company had an increasing number of roles to
    properly encapsulate the permissions. Managing all those roles proved to be extremely complex.

Download PDF