Automated organizational role modeling for role based access controls
Abstract
Generally speaking, systems, methods and media for automatically generating a role based access control model (RBAC) for an organizational environment with a role based access control system such as a hierarchical RBAC (HRBAC) system are disclosed. Embodiments may include a method for generating an RBAC model. Embodiments of the method may include accessing existing permissions granted to users of an organizational environment and analyzing the permissions to create permission characteristics. Embodiments of the method may also include performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment. Embodiments of the method may also include generating an RBAC model based on the determined role perspective relationships between individual users of the organizational environment. Further embodiments of the method may include where generating the RBAC model includes generating a cladogram based on the determined role perspective relationships.
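The pipeline in the abstract (permissions, then permission characteristics, then a cladogram, then a role hierarchy) can be sketched as follows. This is an added example, not code from the patent: the abstract does not specify the cladistics algorithm, so the sketch assumes binary has/has-not permission characters and a greedy join of the clades sharing the most permissions as a simplified stand-in. The sample grants and the names `build_cladogram` and `derive_roles` are hypothetical.

```python
from itertools import combinations

# Constructed sample data: user -> permissions currently granted.
GRANTS = {
    "alice": {"vpn", "email", "git.read", "git.write", "deploy.prod"},
    "bob":   {"vpn", "email", "git.read", "git.write"},
    "carol": {"vpn", "email", "ledger.read", "ledger.post"},
    "dave":  {"vpn", "email", "ledger.read"},
    "erin":  {"vpn", "email"},
}

def build_cladogram(grants):
    """Greedy stand-in for cladistic analysis (assumption, see lead-in).
    A node is (members, permissions shared by all members, children)."""
    nodes = [(frozenset([u]), frozenset(p), ()) for u, p in sorted(grants.items())]
    while len(nodes) > 1:
        # Join the two clades with the largest set of shared permissions.
        a, b = max(combinations(nodes, 2), key=lambda ab: len(ab[0][1] & ab[1][1]))
        nodes = [n for n in nodes if n is not a and n is not b]
        nodes.append((a[0] | b[0], a[1] & b[1], (a, b)))
    return nodes[0]

def derive_roles(root):
    """Collapse the cladogram into a role hierarchy.
    roles: name -> (parent role, permissions added at this level, members).
    exceptions: user -> permissions no role in their lineage explains."""
    roles, exceptions = {}, {}

    def walk(node, parent, inherited):
        members, perms, children = node
        added = perms - inherited
        if not children:  # leaf: a single user
            if added:
                exceptions[next(iter(members))] = set(added)
            return
        if added:  # the clade shares something new: that becomes a role
            name = f"role{len(roles)}"
            roles[name] = (parent, set(added), set(members))
            parent = name
        for child in children:
            walk(child, parent, perms)

    walk(root, None, frozenset())
    return roles, exceptions

if __name__ == "__main__":
    roles, exceptions = derive_roles(build_cladogram(GRANTS))
    for name, (parent, added, members) in roles.items():
        print(name, "parent:", parent, "adds:", sorted(added), "members:", sorted(members))
    print("review individually:", exceptions)
```

Permissions that end up in `exceptions` are grants held by one user and explained by no role in that user's lineage, so they are the ones to review before adopting the mined model.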
20 Claims
1. A method for generating a role based access control model, the method comprising:
- accessing existing permissions granted to users in an organizational environment;
- analyzing the permissions to create permission characteristics;
- performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
- generating a role based access control model for the organizational environment based on the determined role perspective relationships between individual users of the organizational environment.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product comprising a computer-useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- accessing existing permissions granted to users in an organizational environment;
- analyzing the permissions to create permission characteristics;
- performing cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
- generating a role based access control model for the organizational environment based on the determined role perspective relationships between individual users of the organizational environment.
Dependent claims: 8, 9, 10, 11, 12
13. A hierarchical role based access control (HRBAC) modeling system, the system comprising:
- an environment interface module to receive an indication of existing permissions granted to users in an organizational environment;
- a role mining module in communication with the environment interface module to analyze the permissions to create permission characteristics and to perform cladistics analysis on the permission characteristics to determine role perspective relationships between individual users of the organizational environment; and
- a role perspective analyzer module in communication with the role mining module to generate a role based access control model based on the determined role perspective relationships.
Dependent claims: 14, 15, 16
17. A method for providing a hierarchical role based access control (HRBAC) model service to a client, the method comprising:
- receiving an indication of existing permissions granted to users of an organizational environment of the client;
- analyzing the permissions to create permission characteristics;
- performing cladistics analysis on the permission characteristics and generating an HRBAC model specifying role perspective relationships between individual users of the client organizational environment; and
- providing the generated HRBAC model to the client.
Dependent claims: 18, 19, 20