Role mining based on permission cardinality constraint and user cardinality constraint

Constraint is an essential aspect of RBAC and is sometimes argued to be the principle motivation for RBAC. However, most of role mining algorithms don’t consider the constraint. Furthermore, they just compare the least cost of the authorization process while don’t consider how to assess the accuracy of the derived role state, thus providing the motivation for this work. In this paper, we first define a wide variety of constraints, especially the permission cardinality constraint and user cardinality constraint. We further propose a role mining algorithm to generate roles based on these two kinds of cardinality constraint that considers the similarity between roles in the process of merging roles in order to improve the accuracy of the role state at the same time. Finally, we carry out the experiments to evaluate our approach. The experimental results demonstrate the effectiveness of our proposed algorithm. Copyright c ⃝ 2010 John Wiley & Sons, Ltd.