RoleMiner: Mining Roles Using Subset Enumeration

Role engineering, the task of defining roles and associating permissions to them, is essential to realize the full benefits of the role-based access control paradigm. Essentially, there are two basic approaches to accomplish this: the top-down and the bottom-up. The top-down approach relies on a careful analysis of the business processes to define job functions and then specifies appropriate roles from them. While this approach can aid in defining roles more accurately, it is tedious and time consuming since it requires that the semantics of the business processes be well understood. Moreover, it ignores existing permissions within an organization and does not utilize them. On the other hand, the bottomup approach starts with existing permissions and attempts to derive roles from them, thus helping to automate role definition.