Which type of roles are used to encapsulate entitlements in SailPoint?

In SailPoint IdentityIQ, roles are a fundamental concept designed to bundle entitlements and access controls in a meaningful way. The type of roles that encapsulate entitlements are known as IT roles.

IT roles specifically represent a set of access rights to systems, applications, and data that are typically tied to a particular job function or technical requirement. They allow organizations to simplify the management of entitlements by grouping them into roles that can be assigned to users who perform similar functions or have similar responsibilities. By using IT roles, administrators can effectively manage access, ensure compliance, and mitigate security risks.

Organization roles pertain more to the structural set-up of the organization within the IdentityIQ framework, aligning with organizational units, while business roles typically relate to more business-oriented functions and processes that do not necessarily focus solely on access rights. Entitlement roles, while they may sound similar, are not the specific classification used within SailPoint but instead reflect combinations of entitlements that might not have as direct a relationship to the technical aspects of access rights.