I am working on a role mining project. The data size is not really very big,
but it's a little bit challenging because the customer doesn't have a very
clear picture on the end goal -- a "figure this mess out and surprise us"
kind of situation. So any input would be much appreciated!
*The Problem:
We have a very complex data system on mainframes; RBAC (role-based access
control) has morphed into a mess over the past decades.
Access control components include: datasets, special commands that can be
run over the datasets, privileges, system userIDs, system groups, employee
IDs, employee groups.
Joining all the access control settings together into an access matrix is
trivial; the end result is approximately 10,000 x 5000.
In general, the principle of least privilege needs to be enforced.
The basic goal is to optimize the RBAC settings.
*The Challenge:
The end user doesn't really know exactly what they want; however, this needs a
lot of interaction with them.
*Some of my thoughts:
1. Identify the duplicate and redundant access groups as candidates for
removal.
2. Identify the users with unusual privilege settings for the customer's review.
3. Based on the current privileges, identify a global default role for all
the users.
4. Based on the current privileges, identify departmental default roles.
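
The four ideas above, sketched on a tiny access matrix as an added example that is not part of the original post. All group, user, permission and department names are constructed, and the share thresholds (`min_share`, `max_share`) are assumptions to be tuned with the customer.

```python
from collections import Counter, defaultdict

# Constructed sample data (hypothetical names), standing in for the joined matrix.
GROUP_PERMS = {
    "G_BASE":  {"DS.COMMON:READ"},
    "G_PAY_A": {"DS.PAYROLL:READ", "DS.PAYROLL:UPDATE"},
    "G_PAY_B": {"DS.PAYROLL:READ", "DS.PAYROLL:UPDATE"},  # same rights as G_PAY_A
    "G_OPS":   {"DS.SYSLOG:READ"}, "G_PURGE": {"CMD.PURGE"},
}
USER_GROUPS = {
    "u1": {"G_BASE", "G_PAY_A"}, "u2": {"G_BASE", "G_PAY_B"},
    "u3": {"G_BASE", "G_PAY_A", "G_PURGE"}, "u4": {"G_BASE", "G_OPS"}, "u5": {"G_BASE", "G_OPS"},
}
USER_DEPT = {"u1": "payroll", "u2": "payroll", "u3": "payroll", "u4": "ops", "u5": "ops"}

def effective(user):
    """Union of the permissions granted by all of a user's groups."""
    return set().union(*(GROUP_PERMS[g] for g in USER_GROUPS[user]))

def duplicate_groups():
    """Thought 1: groups whose permission sets are identical."""
    by_perms = defaultdict(list)
    for group, perms in GROUP_PERMS.items():
        by_perms[frozenset(perms)].append(group)
    return sorted(sorted(gs) for gs in by_perms.values() if len(gs) > 1)

def common_role(users, min_share=1.0):
    """Thoughts 3 and 4: permissions held by at least min_share of the given users."""
    counts = Counter(p for u in users for p in effective(u))
    return {p for p, n in counts.items() if n / len(users) >= min_share}

def departmental_roles(min_share=1.0):
    """Per-department common permissions, minus the global default role."""
    base = common_role(list(USER_DEPT))
    depts = defaultdict(list)
    for user, dept in USER_DEPT.items():
        depts[dept].append(user)
    return {d: common_role(us, min_share) - base for d, us in depts.items()}

def unusual_users(max_share=0.5):
    """Thought 2: per user, permissions held by at most max_share of department peers."""
    flagged = {}
    for dept in set(USER_DEPT.values()):
        users = [u for u, d in USER_DEPT.items() if d == dept]
        counts = Counter(p for u in users for p in effective(u))
        for u in users:
            if rare := {p for p in effective(u) if counts[p] / len(users) <= max_share}:
                flagged[u] = rare
    return flagged
```

Duplicate groups and flagged users are review candidates only; whether a rare permission is justified still has to be confirmed with the data owner before anything is removed.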