Utilities for Role Based Access Control
Project description
RoleMiner
Python Implementation of the FastMiner and Optimal Boolean Matrix Decomposition/RMP algorithms for implementing Role Based Access Control, as described in the following papers:
- RoleMiner: Mining roles using subset enumeration
- Optimal Boolean Matrix Decomposition: Application to Role Engineering
Overview
The objective of Role Based Access Control (RBAC) is to determine the "best" set of roles that accurately describes user access without overfitting. In many ways this is similar to signal processing where "noise" (or one off permissions/entitlements) must be removed before the analysis is conducted, and then a series of candidate roles is generated on that cleaned data, since an exhaustive search of all possible roles is generally not possible (on the order of 2^n). Once the Candidate Roles are found, we can further structure Basic Role Mining Problem (RMP) beyond just "Find the smallest number of roles that describes the cleaned data" by relaxing constraints (aka Regularization).
Possible regularizers in layman's terms could be somethign like the following:
- "Roles must have at least 5 different entitlements, or we don't consider it a valid role"
- "We want to ignore roles are only valid for less than 3 users, except the admin role"
Broadly, iterating through this process of generating candidate roles and iterating through the best choices with different regularization terms is very similar to Simulated Annealing.
Installation
Install the latest version of the RoleMiner code & dependencies with pip:
$ pip install -U RoleMiner
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for RoleMiner-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2eb2bc4d978078454c67d8191c944eb6e3750f7f58ff22a2f669948f38ccea34 |
|
MD5 | 4fb648b7a7e17443208e3b57bdb5b0df |
|
BLAKE2b-256 | ce6e3eb9912a9f44d3301dc5b31cb324cf647e1f2d26050a9bce07f61160dd17 |