Bottom Up Role Mining Overview

Owned by Phillip Hanegan
Last updated: Oct 02, 2024
2 min read

After completing top-down role mining, much of each user’s access is delivered and controlled through Business Roles. While the top-down model optimizes access based on defined organizational roles, some access remains unoptimized. This unoptimized access often includes less structured team or matrix-based assignments and exceptions. To address these, EmpowerID employs a technique known as Bottom-Up Analytical Role Mining.

Bottom-up role mining is a multi-step process involving the creation, execution, and analysis of Role Mining Campaigns. These campaigns leverage powerful machine learning algorithms to analyze entitlement and user data, producing optimal candidate roles containing user combinations and entitlements.

Role Mining Campaigns

In EmpowerID, the process of bottom-up role mining can be summarized as follows:

  1. Create and Configure Role Mining Campaigns: You begin by selecting individuals, attributes, and entitlements based on role-based access control (RBAC) groupings. This might include all users in specific Business Roles, Locations, Query-Based Collections, or Group memberships. Compiling these campaigns captures the entitlements and attributes of each user within the specified RBAC grouping and saves that data to the EmpowerID Identity Warehouse.

  2. Review Compiled Data and Create Runs: After compiling the campaign data, you can review and, if necessary, segment it into subsets. When ready, you create "runs," which generate candidate roles containing the specified users and entitlements.

  3. Analyze and Publish Candidate Roles: Finally, you analyze the run results. You can discard or publish the candidate roles created during this process.

The image below illustrates two Role Mining campaigns. In the first campaign, candidate roles are analyzed to create a standalone Management Role and a Management Role mapped to an existing Business Role and Location. In the second campaign, candidate roles led to the creation of a standalone management role and a new business role and location.




Next Steps

Configure Role Mining

Create Campaigns

Configure Campaigns

Compile Campaigns

Analyze Run Results

Publish Candidate Roles