Although roles-based access control (RBAC) has been the subject of much interest in the past, experience with it has been mostly disappointing. The challenge of discovering established roles, defining new roles according to business need, connecting roles properly to the IT infrastructure, ensuring that they meet all compliance requirements, and managing roles through their natural lifecycles has, until now, proved to be too complicated and cumbersome to be practical.

However, a new roles-based model of access governance has evolved that overcomes these problems with a policy based approach that provides insight into role relevancy and effectiveness and enables comprehensive role lifecycle management from discovery through retirement, which heretofore has been lacking in roles-based access systems.