Role mining with ORCA.
ABSTRACT With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Rol...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Text |
Language: | English |
Published: |
ACM.
2005
|
Subjects: | |
Online Access: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1068.6190 http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf |
id |
ftciteseerx:oai:CiteSeerX.psu:10.1.1.1068.6190 |
---|---|
record_format |
openpolar |
spelling |
ftciteseerx:oai:CiteSeerX.psu:10.1.1.1068.6190 2023-05-15T17:53:34+02:00 Role mining with ORCA. Jürgen Schlegelmilch Ulrike Steffens The Pennsylvania State University CiteSeerX Archives 2005 application/pdf http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1068.6190 http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf en eng ACM. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1068.6190 http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf Metadata may be used without restrictions as long as the oai identifier remains attached to it. http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf text 2005 ftciteseerx 2020-04-26T00:16:11Z ABSTRACT With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Rolebased access control (RBAC) has proven to be a solution to this problem but relies on a well-defined set of role definitions, a role concept for the enterprise in question. The definition of a role concept (role engineering) is a difficult task traditionally performed via interviews and workshops. However, often users already have the permissions that they need to do their jobs, and roles can be derived from these permission assignments using data mining technology, thus giving the process of role concept definition a head-start. In this paper, we present the ORCA role mining tool and its algorithm. The algorithm performs a cluster analysis on permission assignments to build a hierarchy of permission clusters and presents the results to the user in graphical form. It allows the user to interactively add expert knowledge to guide the clustering algorithm. The tool provides valuable insights into the permission structures of an enterprise and delivers an initial role hierarchy for the definition of an enterprise role concept using a bottom-up approach. Text Orca Unknown |
institution |
Open Polar |
collection |
Unknown |
op_collection_id |
ftciteseerx |
language |
English |
description |
ABSTRACT With continuously growing numbers of applications, enterprises face the problem of efficiently managing the assignment of access permissions to their users. On the one hand, security demands a tight regime on permissions; on the other hand, users need permissions to perform their tasks. Rolebased access control (RBAC) has proven to be a solution to this problem but relies on a well-defined set of role definitions, a role concept for the enterprise in question. The definition of a role concept (role engineering) is a difficult task traditionally performed via interviews and workshops. However, often users already have the permissions that they need to do their jobs, and roles can be derived from these permission assignments using data mining technology, thus giving the process of role concept definition a head-start. In this paper, we present the ORCA role mining tool and its algorithm. The algorithm performs a cluster analysis on permission assignments to build a hierarchy of permission clusters and presents the results to the user in graphical form. It allows the user to interactively add expert knowledge to guide the clustering algorithm. The tool provides valuable insights into the permission structures of an enterprise and delivers an initial role hierarchy for the definition of an enterprise role concept using a bottom-up approach. |
author2 |
The Pennsylvania State University CiteSeerX Archives |
format |
Text |
author |
Jürgen Schlegelmilch Ulrike Steffens |
spellingShingle |
Jürgen Schlegelmilch Ulrike Steffens Role mining with ORCA. |
author_facet |
Jürgen Schlegelmilch Ulrike Steffens |
author_sort |
Jürgen Schlegelmilch |
title |
Role mining with ORCA. |
title_short |
Role mining with ORCA. |
title_full |
Role mining with ORCA. |
title_fullStr |
Role mining with ORCA. |
title_full_unstemmed |
Role mining with ORCA. |
title_sort |
role mining with orca. |
publisher |
ACM. |
publishDate |
2005 |
url |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1068.6190 http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf |
genre |
Orca |
genre_facet |
Orca |
op_source |
http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf |
op_relation |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1068.6190 http://www.sis.pitt.edu/jjoshi/courses/IS2620/Spring09/schlegelmilch.pdf |
op_rights |
Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
_version_ |
1766161278619877376 |