Definition

role mining

Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise. In a business setting, roles are defined according to job competency, authority and responsibility. The ultimate intent of role mining is to achieve optimal security administration based on the role each individual plays within the organization.

Role mining can be done in three ways, called bottom-up, top-down and by-example. In bottom-up role mining, users are given pre-existing roles based on their skills or duties. In top-down role mining, roles are formulated to match the skills or duties of individual users. In by-example role mining, roles are matched with user skills and duties as defined by managers.

Advantages of effective role mining include:

  • Optimal assignment of roles to user privileges
  • Identification of users who operate outside the normal pattern
  • Detecting and eliminating redundant or superfluous roles or user privileges
  • Keeping role definitions and user privileges up-to-date
  • Eliminating potential security loopholes and minimizing consequent risks
This was last updated in March 2008

Continue Reading About role mining

Dig Deeper on Enterprise User Provisioning Tools

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Hi, I am from the access governance team in my organization. I am currently looking into if we can implement the role mining process by using the access governance tool we have. I am from the access governance team, but I don't necessarily know all the permission and roles for all application in the enterprise. The application team would know their own applications the best. I am thinking if the application team should actually be running the process with us. Please advise with your experience, thanks.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close