Hitachi ID Systems, Inc.

Definition of Role Mining

Role definitions must be entered into a user provisioning system. Since there may be many Roles representing many groups of users, it makes sense to analyze existing data about user-to-resource assignment, drawn from target systems, to streamline this process.

The process of mining actual user-to-resource mapping data to extract role definitions is called Role Mining.

There are three approaches to Role Mining:

  1. Top-down Role Mining: choose sets of identifying attributes that should group together users with identical Resource requirements. Define a Role based on the common rights that the matching users have.
  2. Bottom-up Role Mining: identify sets of Resources that should appear together, define them as Roles, and search for users who have these Resources and consequently should be assigned the Roles.
  3. By Example Role Mining: ask managers to identify which of their subordinates do the same job. Check whether those users have the same Privileges. If they do, define a Role to represent that group of users and attach the users to the Role. Optionally, seek out users with the same Privileges who report to other managers, and attach them as well.
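
The top-down and bottom-up approaches can be sketched over a small user-to-resource export. This is an added example, not code from Hitachi ID or its products; the user names, attributes, resource names, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: user -> (identifying attributes, resources held).
USERS = {
    "alice": ({"dept": "finance", "title": "clerk"}, {"erp:ap", "erp:gl", "share:finance"}),
    "bob":   ({"dept": "finance", "title": "clerk"}, {"erp:ap", "erp:gl", "share:finance", "db:payroll"}),
    "carol": ({"dept": "it", "title": "dba"}, {"db:payroll", "db:admin", "vpn"}),
    "dave":  ({"dept": "it", "title": "dba"}, {"db:admin", "vpn"}),
    "erin":  ({"dept": "sales", "title": "rep"}, {"crm", "vpn"}),
}

def top_down(users, keys):
    """Group users by attribute values; role = rights common to the whole group."""
    groups = defaultdict(list)
    for name, (attrs, _) in users.items():
        groups[tuple(attrs[k] for k in keys)].append(name)
    roles = {}
    for key, members in groups.items():
        common = set.intersection(*(users[m][1] for m in members))
        # Rights outside the common set are exceptions to review, not part of the role.
        extras = {m: users[m][1] - common for m in members if users[m][1] - common}
        roles[key] = {"members": sorted(members), "resources": common, "exceptions": extras}
    return roles

def bottom_up(users, min_users=2, min_resources=2):
    """Candidate roles = resource sets shared by pairs of users, kept when
    enough users hold every resource in the set."""
    candidates = set()
    for a, b in combinations(users, 2):
        shared = frozenset(users[a][1] & users[b][1])
        if len(shared) >= min_resources:
            candidates.add(shared)
    roles = {}
    for res in candidates:
        holders = sorted(u for u, (_, held) in users.items() if res <= held)
        if len(holders) >= min_users:
            roles[res] = holders
    return roles

if __name__ == "__main__":
    for key, role in top_down(USERS, ("dept", "title")).items():
        print(key, role)
    for res, holders in bottom_up(USERS).items():
        print(sorted(res), holders)
```

In the sample data the top-down pass leaves `db:payroll` on bob and carol as exceptions: rights held by an individual but not by their peers, which is the kind of leftover a reviewer would want to justify or revoke before the role is created.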