Why 12 Weighted Labels Beat 10,847 Binary Permissions
More permissions ≠ More security.
Enterprise IAM systems advertise "fine-grained control" with 10,000+ discrete permissions. But granularity isn't about quantity—it's about expressiveness. A continuous dimension with 0.01 resolution expresses 100 states. Twelve such dimensions express 1012 states—10 trillion unique identities.
Traditional IAM gives you 10,847 light switches. FIM gives you 12 dimmer knobs. The dimmers are more expressive by a factor of 10 billion.
"10,847 fine-grained permissions for maximum control"
| Defined permissions | 10,847 |
| Actually used | 487 (4.5%) |
| Regularly checked | 156 (1.4%) |
| Meaningful combos | ~52 (0.5%) |
95.5% exists for "completeness"—creating complexity without security value.
12 continuous dimensions at 0.01 resolution
| Dimensions | 12 (weighted) |
| States per dimension | 100 |
| Total effective states | 1012 |
| All actively used | 100% |
Every label contributes. Nothing is vestigial.
Each unused permission is attack surface. Each redundant rule is audit complexity. Each overlapping policy is a conflict waiting to happen. Traditional IAM isn't just inefficient—it's actively dangerous.
Traditional IAM: 10,847 binary switches = 210847 theoretical states, but only ~500 actually used (role combinations). FIM: 12 weighted labels = 1012 practical states, all reachable.
| Aspect | Binary Permissions | Weighted Labels |
|---|---|---|
| State expression | ON or OFF | 0.00 to 1.00 (100 gradations) |
| Identity precision | "Has permission X" | "35% operator, 28% builder..." |
| Policy conflicts | Constant (overlapping rules) | Impossible (single vector) |
| Audit trail | Which rules fired? | Vector diff (one operation) |
| Access decision | O(n) rule traversal | O(1) vector comparison |
Every security system has gaps. The question isn't whether you have holes—it's whether you know where they are.
| Hole size variance | 1 to 523 permissions |
| Standard deviation | 47.3 |
| Predictability | None |
| Detection method | Penetration testing |
| Hole size | Exactly 0.694% each |
| Standard deviation | 0.0 |
| Predictability | 100% |
| Detection method | By design |
In FIM, the "H" (Hole) state is intentional. You declare where escalation paths exist. Traditional IAM discovers gaps through breaches. FIM designs them into the architecture.
Traditional IAM asks: "What is this user allowed to do?" (requires rule lookup)
FIM states: "This is what this user IS." (the vector is the policy)
The shift from "checking permissions" to "comparing shapes" is the same shift from "looking up words in a dictionary" to "recognizing a face." One is O(n), the other is O(1). One requires traversal, the other is immediate.
The 12×12 identity grid isn't a concept—it's running in your browser right now.
Watch Sarah Chen get access to the Q4 press release in one O(1) comparison.