A definition by extrapolation:
Data mining is the use of automated data analysis techniques to uncover previously undetected relationships among data items. Data mining often involves the analysis of data stored in a data warehouse. So, role mining = the use of automated data analysis techniques to uncover previously undetected relationships among users and entitlements (resources, permissions/privileges/rights). Role mining involves the analysis of user information (attributes and) stored in a various systems.
It is obvious how one can use data mining to perform privilege-to-role assignment. But user-to-role can only be done from a business point of view. And it implies careful analysis of the business processes to define job functions and then specify appropriate roles from them. While this approach can be quite accurate, it is tedious and time consuming since it requires understanding the business semantics. Unless using text mining I don’t think this can be defined as role mining.
Distinctions to be made:
- Role Mining = bottom up
- Role Engineering [?] = top down
- Role definition [?] = both
You can do top-down role modeling (you call it role engineering) using same pattern recognition technologies that are used for role mining. Simply apply these to the individual attributes of the user (sometimes called RULE mining), or to “structures” (e.g., hierarchy, matrix, etc.).
Comment by Ron Rymon — October 11, 2008 @ 6:22 am