Even for small companies, identity and permission management is a too complicated affair to be handled with the standard Active Directory tools provided in the Windows OS. Products that support and automate permission management are very expensive and have a steep learning curve because of their complicated architecture that includes distinct servers and databases as the foundation of all applications.
Besides, this architecture creates a strong dependence on the maker. Once the permission management has been ‘transmitted’ to the system it is very hard to be isolated again.
The Permission Manager modifies the technological structure of permission management to provide an affordable system that can be introduced at low cost and allows enterprises a new and easier permission management.
The Permission Manager does not need an RBAC matrix (RoleBased Access Control) that all previous identity management systems have applied, requiring a distinct database with its own server infrastructure. Instead, it is based on the very Active Directory and saves the permission structures in a separate Active Directory partition. An easy-to-use user interface helps modify the permission structures in the Active Directory.
This architecture speeds up the introduction but also makes operation more failsafe due to its lower complexity with less potential error sources. Besides, the Permission Manager always issues a live image of the current permission structures of the Active Directory.
An identity management system based on a database helps the users detect the permission structure only as it is represented in the database. Direct modifications in the Active Directory that are not copied into the database may escape detection.