Role Based Access Control (RBAC) has become the de facto access control model in recent years. In order to deploy RBAC, organizations have to define a set of roles from the existing user-permission assignment relationships, the process of which is called role mining. There have been many role mining algorithms proposed to devise a complete and correct set of roles which may not be necessary because the user-permission assignment (UPA) relationships are dynamic. In this paper, we define the evaluation criterion and the 6-Approx Important Role Mining Problem (6-IRMP) which is proved to be NP-complete first, then we propose a heuristic bottom-up role mining approach that reduces the total number of roles with important assignments and permissions preserved. Furthermore, we carry out the experiments with public datasets to evaluate our approach and the experimental results compared with other algorithms demonstrate the effectiveness of our proposed approach.
展开▼
