Dynamic roles and data segmentation

What’s the difference between dynamic roles and data segmentation?

Hi @JeyanShanmugam ,

Dynamic roles: Dynamic roles allow you to grant birthright access based on definable role dimensions. The dimension criteria determine which users are assigned the dimension and are provisioned with the dimension’s access items. Dynamic roles provide more granular access and assignment options within a single role, instead of having multiple, separate roles with mostly overlapping access.

Data Segmentation: Data segmentation provides you with a policy-driven, least-privilege, data-level security control for administering entitlements and roles. It allows a specific set of users who are assigned to segments to see or raise access for the particular roles, entitlements or access profiles.

For more info please find the attached link for your reference - Data Segmentation Overview - SailPoint Identity Services

IHTH 🙂

1 Like

Dynamic Roles

What it is: Assigns access automatically based on attributes and dimensions within a single role.
Example: Store_Clerk_Role with dimensions for each store; clerks get access only for their store.

Data Segmentation

What it is: Limits what data a user can see or manage for least-privilege administration.
Example: HR sub-admin can manage only US Employees, not other regions.

Key Difference: Dynamic Roles = who gets access; Data Segmentation = what data is visible.

Thanks

1 Like