Role based access control is well accepted as the standard best practice for access control within applications and organizations. Role engineering, the task of defining roles and associating permissions to them, is essential to realize the full benefits of the role-based access control paradigm. The essential question is how to devise a complete and correct set of roles -- this depends on how you define goodness/interestingness (when is a role good / interesting?). We formulate the role mining problem (RMP) as a boolean matrix decomposition problem. The optimal decomposition corresponds to an optimal set of roles that can describe the existing user permissions. In addition to the basic RMP, we introduce several different variations of the RMP, including an extended boolean matrix decomposition that has pragmatic implications. By placing this in the context of boolean matrix decomposition, our results are applicable to several other domains including text mining, and knowledge discovery from databases.
Wednesday, February 08, 2012
Free and open to the public