Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise. In a business setting, roles are defined according to job competency, authority and responsibility. The ultimate intent of role mining is to achieve optimal security administration based on the role each individual plays within the organization.
Role mining can be done in three ways, called bottom-up, top-down and by-example. In bottom-up role mining, users are given pre-existing roles based on their skills or duties. In top-down role mining, roles are formulated to match the skills or duties of individual users. In by-example role mining, roles are matched with user skills and duties as defined by managers.
Advantages of effective role mining include:
- Optimal assignment of roles to user privileges
- Identifying users who operate outside the normal pattern
- Detecting and eliminating redundant or superfluous roles or user privileges
- Keeping role definitions and user privileges up to date
- Eliminating potential security loopholes and minimizing consequent risks
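The sketch below is an added example, not part of the original definition. It analyzes user-to-resource mapping data to propose candidate roles, flag a user outside the normal pattern, and find redundant roles. The users, permissions, role names and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: user -> set of permissions (user-to-resource mapping).
ASSIGNMENTS = {
    "alice": {"crm:read", "crm:write", "mail"},
    "bob":   {"crm:read", "crm:write", "mail"},
    "carol": {"ledger:read", "ledger:post", "mail"},
    "dave":  {"ledger:read", "ledger:post", "mail"},
    "erin":  {"crm:read", "crm:write", "mail", "ledger:post"},
}

# Constructed existing role catalogue: role name -> permissions.
EXISTING_ROLES = {
    "sales":      {"crm:read", "crm:write", "mail"},
    "sales-emea": {"crm:read", "crm:write", "mail"},
    "finance":    {"ledger:read", "ledger:post", "mail"},
    "intern":     {"mail", "wiki:read"},
}

def mine_candidate_roles(assignments, min_users=2):
    """Group users by identical permission set; sets shared by at least
    min_users become candidate roles, the remaining users are outliers."""
    groups = defaultdict(list)
    for user, perms in assignments.items():
        groups[frozenset(perms)].append(user)
    roles = {p: sorted(u) for p, u in groups.items() if len(u) >= min_users}
    outliers = sorted(u for us in groups.values() if len(us) < min_users for u in us)
    return roles, outliers

def explain_outlier(user, assignments, roles):
    """Return (closest candidate role, extra permissions, missing permissions)."""
    perms = assignments[user]
    best = max(roles, key=lambda r: len(r & perms) / len(r | perms))  # Jaccard similarity
    return best, perms - best, best - perms

def redundant_roles(existing_roles, assignments):
    """Find duplicate role definitions and roles whose permissions fit no user."""
    by_perms = defaultdict(list)
    for name, perms in existing_roles.items():
        by_perms[frozenset(perms)].append(name)
    duplicates = [sorted(n) for n in by_perms.values() if len(n) > 1]
    unused = sorted(n for n, p in existing_roles.items()
                    if not any(p <= up for up in assignments.values()))
    return duplicates, unused
```

On this sample data, the extra permission reported for the outlier is the one a reviewer would examine first, since it crosses the boundary between the two mined roles.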