Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Role sprawl and AI-assisted access models: what changes now?


(@sailpoint)
Reputable Member
Joined: 1 year ago
Posts: 163
Topic starter  

TL;DR: Manual role modelling cannot keep pace with SaaS growth, joiner-mover-leaver churn, and acquisition-driven complexity, leaving organisations with stale, bloated roles and weak least-privilege outcomes, according to SailPoint. The governance challenge is not just faster role creation; it is replacing spreadsheet-era assumptions with a continuous access model that can stay current as the enterprise changes.

NHIMG editorial — based on content published by SailPoint: A day in the life with AI-powered identity security: Building a smarter access model

By the numbers:

Questions worth separating out

Q: How should security teams reduce role sprawl in large identity programmes?

A: Start by identifying duplicated roles, stale entitlements, and business units that create access models independently.

Q: Why does manual role engineering fail as organisations add more SaaS applications?

A: Manual role engineering depends on slow review cycles and human memory, while SaaS adoption changes access patterns continuously.

Q: How can organisations tell whether their access model is still trustworthy?

A: Look for signs that roles still match current business functions, that access is being used as intended, and that recertification produces meaningful exceptions rather than endless cleanup.

Practitioner guidance

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

  • Role Discovery workflow details for building and refining access models in live environments
  • Examples of how role hygiene and role insights are used to right-size access over time
  • The human-in-the-loop review approach for approving AI-suggested role changes
  • Operational examples of how AI-assisted access modelling supports M&A onboarding and day-one access

👉 Read SailPoint's blog on AI-powered access modelling and role sprawl →

Role sprawl and AI-assisted access models: what changes now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Static role models are a governance liability once business change becomes continuous. The article correctly identifies that spreadsheet-era role engineering cannot absorb SaaS growth, M&A, and lifecycle churn at modern enterprise speed. A role catalogue that lags the business creates a false sense of control because recertification and least-privilege checks are made against outdated structures. The implication is that role governance has to be treated as a living control surface, not a periodic project.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage. That is why access modelling and identity hygiene cannot be separated in mature governance programmes.

A question worth separating out:

Q: Who should remain accountable when AI recommends access roles?

A: Identity and access governance teams should remain accountable for policy, approval, and risk acceptance. AI can surface patterns and reduce manual effort, but it cannot decide organisational tolerance for exception risk. Final authority needs to stay with the team that owns the access model, the audit trail, and the business context.

👉 Read our full editorial: AI-powered access modeling exposes the limits of role sprawl



   
ReplyQuote
Share: