Modern day IAG delusions
“HR is the source of truth” –> Really? Are they reliable? Timely? Do they know about contractors? Vendors? Are they a willing participant in non-HR processes (such as access management)?
“Job title determines role” –> Really? Who defines job titles? What governance process determines what titles are valid and who can get which ones? How are they updated? Is the level of granularity of the random string of text on my business cards really the same as my access rights?
“Just define and assign roles, then all the access rights problems will be solved.” –> Really? You think the access rights of back-office workers are easily compartmentalized, well defined and static, so that they can be trivially assigned via roles?