The Degrees of Separation feature uses a separation configuration
that uses three parameters to determine the relationships among entities.
Degrees of Separation example
- IBM InfoSphere Identity Insight reports that entity A knows entity
B.
- IBM InfoSphere Identity Insight reports that entity B knows entity
C.
- IBM InfoSphere Identity Insight reports that entity
A knows entity D.
- IBM InfoSphere Identity Insight reports that entity D knows entity
E.
- The calculated path strength threshold of
a role alert chain. A role alert chain whose path strength is below
this threshold will not generate role alerts. The path strength is
the product, converted to an integer, of the relationship score decimal
conversions of every entity in the role alert chain.
- The relationship score for entity A knows entity B is 90. 90 is
converted to the decimal .9
- The relationship score for entity B knows entity C is 70. 70 is
converted to the decimal .7
- The relationship score for entity A knows entity D is 80. 80 is
converted to the decimal .8
- The relationship score for entity D knows entity E is 70. 70 is
converted to the decimal .7
- The relationship scores in the role alert chain are multiplied;
(.9 x .7 x .8 x .7) = .3528
- .3528 is converted to the integer 35.
- The max depth is the maximum number of degrees
of separation of one multi-degree relationship chain in an entity
graph considered for role alert detection. The max depth of
this multi-degree relationship is set to two (2).
- The max role alert degree is the maximum
number of degrees of separation between the two entities at the end
of two multi-degree relationship chains in an entity graph considered
for role alert detection. The max role alert degree has
been set to four (4).
- Entity C and entity E have conflicting roles, so a role alert
is generated.