Anthropic-Cybersecurity-Skills/skills/building-role-mining-for-rbac-optimization/references/api-reference.md

API Reference: Role Mining for RBAC Optimization

Input Format (CSV)

user,entitlement,system
john.doe,read_files,FileServer
john.doe,write_files,FileServer
jane.smith,read_files,FileServer

Role Mining Algorithms

Bottom-Up Mining

Finds exact permission sets shared by >= N users.

• Input: user-permission matrix
• Output: candidate roles with exact permission sets
• Parameter: min_users (default: 2)

Top-Down Mining (Jaccard Clustering)

Groups users by permission similarity.

Jaccard(A, B) = |A ∩ B| / |A ∪ B|

• Threshold >= 0.8: strict similarity
• Threshold >= 0.6: moderate clustering

Optimization Metrics

Metric	Description
Total Assignments	Sum of all user-permission pairs
Candidate Roles	Discovered role count
Role Coverage	Users assigned to candidate roles
Avg Permissions/User	Assignment density
Outlier Count	Users with unique permissions

SailPoint IdentityNow Role Mining API

POST https://{tenant}.api.identitynow.com/beta/role-mining-sessions
Authorization: Bearer TOKEN
{
  "scope": {"included": {"identityIds": [...]}},
  "minEntitlementPopularity": 2,
  "pruneThreshold": 50
}

SailPoint Role Mining Status

GET /beta/role-mining-sessions/{sessionId}
GET /beta/role-mining-sessions/{sessionId}/potential-roles

CyberArk Identity Role Optimization

GET /Roles/GetRoleMembers?name={role}
POST /Roles/OptimizeRoles
{"minUsers": 3, "maxRoles": 50}

NIST RBAC Model Levels

Level	Description
Core RBAC	Users, roles, permissions, sessions
Hierarchical	Role inheritance
Constrained	Separation of duty (SoD)
Symmetric	Permission-role review