Abstract
Fine-grained access control for relational data defines user
authorizations at the tuple level. Role-Based Access Control
(RBAC) has been proposed for relational data where roles
are allowed access to tuples based on the authorized view
defined by a selection predicate. During the last few years,
extensive research has been conducted in the area of role engineering.
The existing approaches for role engineering are
top-down (using domain experts), bottom-up (role-mining),
or a hybrid of both. However, no research has been conducted
on role engineering in relational data. In this paper,
we address this problem. The challenge is to extract an
RBAC policy with authorized selection predicates for users
given an existing tuple-level fine-grained access control policy.
We formulate the problem for relational data, propose a
role mining algorithm, and conduct an experimental evaluation.
Experiments demonstrate that the proposed algorithm can
achieve up to 400% improvement in performance for relational
data as compared to existing role mining techniques.