role mining

Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise. In a business setting, roles are defined according to job competency, authority and responsibility. The ultimate intent of role mining is to achieve optimal security administration based on the role each individual plays within the organization.

Role mining can be done in three ways, called bottom-up, top-down and by-example. In bottom-up role mining, users are given pre-existing roles based on their skills or duties. In top-down role mining, roles are formulated to match the skills or duties of individual users. In by-example role mining, roles are matched with user skills and duties as defined by managers.


Advantages of effective role mining include:

  • Optimal assignment of roles to user privileges
  • Identification of users who operate outside the normal pattern
  • Detecting and eliminating redundant or superfluous roles or user privileges
  • Keeping role definitions and user privileges up-to-date
  • Eliminating potential security loopholes and minimizing consequent risks
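
The following Python example is added here and is not from the original page: it analyzes constructed user-to-permission data to derive candidate roles, then reports privileges that fall outside every shared pattern and candidate roles that no user ends up needing. The user names, permission strings, the `min_users` threshold and the grouping heuristic are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample data (an assumption, not from the page): user -> permissions.
ASSIGNMENTS = {
    "alice": {"crm:read", "crm:write", "mail:send"},
    "bob":   {"crm:read", "crm:write", "mail:send"},
    "carol": {"crm:read", "mail:send"},
    "dave":  {"hr:read", "hr:write", "mail:send"},
    "erin":  {"hr:read", "hr:write", "mail:send"},
    "frank": {"crm:read", "mail:send", "payroll:approve"},
}

def candidate_roles(assignments, min_users=2):
    """Return {permission set: members} for sets held by at least min_users users.
    Candidates are the observed permission sets and their pairwise intersections."""
    sets = {frozenset(p) for p in assignments.values()}
    pool = set(sets) | {a & b for a, b in combinations(sets, 2)}
    roles = {}
    for perms in pool:
        members = {u for u, p in assignments.items() if perms <= p}
        if perms and len(members) >= min_users:
            roles[perms] = members
    return roles

def assign_roles(assignments, roles):
    """Greedily cover each user with the largest fitting roles.
    Returns (user -> chosen roles, user -> permissions no role explains)."""
    ordered = sorted(roles, key=lambda r: (-len(r), sorted(r)))
    user_roles, leftovers = {}, {}
    for user, perms in assignments.items():
        remaining, chosen = set(perms), []
        for role in ordered:
            if role <= perms and role & remaining:
                chosen.append(role)
                remaining -= role
        user_roles[user] = chosen
        if remaining:
            leftovers[user] = remaining  # privilege outside the normal pattern
    return user_roles, leftovers

def unused_roles(roles, user_roles):
    """Candidate roles that no user needed: redundant role definitions."""
    used = {r for chosen in user_roles.values() for r in chosen}
    return set(roles) - used
```

On the sample data, `frank` is left with `payroll:approve` unexplained by any shared role, and the single-permission `mail:send` candidate is reported as unused because larger roles already grant it.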

This was last updated in March 2008


1 comment


Hi, I am from the access governance team in my organization. I am currently looking into whether we can implement the role mining process by using the access governance tool we have. I am from the access governance team, but I don't necessarily know all the permissions and roles for all applications in the enterprise. The application team would know their own applications the best. I am thinking about whether the application team should actually be running the process with us. Please advise with your experience, thanks.

