Towards an integrated approach to role engineering

Abstract

Although role-based access control has become a preferred method to manage access control, it constitutes a significant effort to develop and maintain a role structure. Role engineering, the process of defining roles and assigning permissions and users to the roles, aims to define an accurate and complete set of roles using a variety of inputs. In this paper, we describe a unified approach to role engineering supporting a combination of different methodologies, and its partial implementation in the IBM Tivoli Role Modeling Assistant, a role engineering platform reflecting the dual importance of top-down and bottom-up data collection and analysis. Data, imported from multiple sources such as LDAP registries, human resource extracts in CSV format as well as from interviews with the organization's users and subject matter experts, can be browsed, filtered, and visualized. Roles can be created and edited manually or generated automatically from mining results. © 2010 ACM.