In Role-Based Access Control (RBAC), users acquire permissions through their assigned roles. Role mining, the process of finding a set of roles from direct user-permission assignments, is essential for successful implementation of RBAC. In many organizations it is often required that users are given permissions that can vary with time. To handle such requirements, temporal extensions of RBAC like Temporal-RBAC (TRBAC) and Generalized Temporal Role-Based Access Control (GTRBAC) have been proposed. Existing role mining techniques, however, cannot be used to process the temporal element associated with roles in these models. In this paper, we propose a method for mining roles in the context of TRBAC. First we formally define the Temporal Role Mining Problem (TRMP), and then show that the TRMP problem is NP-complete and present a heuristic approach for solving it.
展开▼
