How does SailPoint IdentityIQ define its authorization model?

SailPoint IdentityIQ defines its authorization model primarily through capabilities and SPrights, which represent a more granular approach to managing access permissions. Capabilities in IdentityIQ allow organizations to define what actions a user can perform within the system based on their roles and responsibilities, while SPrights govern the specific permissions associated with those capabilities. This model enables fine-tuning of access control, ensuring that users have the right level of access to resources based on their operational needs, thereby enhancing security and compliance.

This approach stands in contrast to relying solely on user roles, which can be overly simplistic and may not provide the necessary level of detail for managing complex permissions scenarios. Limiting access based on IP addresses is a network security measure and does not directly relate to the authorization model within IdentityIQ. Similarly, manual approval processes can be part of overall governance but are not the foundation of the authorization model itself. The focus on capabilities and SPrights makes the authorization structure flexible and aligned with the dynamic requirements of enterprise environments.