We have a client who has about 100,000 users. Each of those users are
identified by three demographic attributes: Department, Divison and job
title. There are hundreds of possible values between the three, which we
hoped to create an equal number of Level 30 birthright roles. So there
could be 100's of roles, some will have as many as 25,000 users assigned
to them, some with many fewer. The idea is that these roles will become
the parents of application roles associated with resources, assigned to
entitlements to grant something (most often an AD group membership).

So the question is one of scalability. We did a test and created a role
with 25K assignments and it was days to process. With this many roles
and assignments startup of this solution could be very drawn out. Is
there a practical limit here? What would affect it (number of roles,
number of assignments, inherited roles, etc.)


rrawson's Profile: https://forums.netiq.com/member.php?userid=403
View this thread: https://forums.netiq.com/showthread.php?t=49490