Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)

In Role Based Access Control (RBAC) systems, formulating a correct set of roles, assigning appropriate privileges to roles, and assigning roles to users are the fundamental design tasks. Whether these tasks are performed by a human (e.g., system administrator) or by a machine (e.g., expert system), misconfigurations are likely to occur. The misconfigurations could manifest as under-privileges (fewer privileges assigned) or over-privileges (more privileges than necessary). In this paper, we describe an approach based on role mining to detect and correct such misconfigurations. Here, the overlap among the users and privileges of different roles is used to identify possible misconfigurations.