mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 06:34:57 +03:00
mukul975
83 lines
2.9 KiB
Markdown
83 lines
2.9 KiB
Markdown
# Role Mining for RBAC Optimization - Workflows
|
|
|
|
## End-to-End Role Mining Workflow
|
|
|
|
```
|
|
Phase 1: DATA COLLECTION (Week 1-2)
|
|
├── Export user-permission data from all identity sources
|
|
│ ├── Active Directory group memberships
|
|
│ ├── Cloud IAM role assignments
|
|
│ ├── Application-level permissions
|
|
│ └── Database access grants
|
|
├── Collect HR data (job titles, departments, cost centers)
|
|
├── Normalize data into User-Permission Assignment (UPA) matrix
|
|
└── Clean data: remove disabled accounts, system accounts
|
|
|
|
Phase 2: ANALYSIS (Week 3-4)
|
|
├── Run clustering algorithms (hierarchical, k-means)
|
|
├── Run Formal Concept Analysis for exact role candidates
|
|
├── Compare results using WSC and coverage metrics
|
|
├── Identify optimal number of roles via silhouette analysis
|
|
└── Map candidate roles to organizational structure
|
|
|
|
Phase 3: VALIDATION (Week 5-6)
|
|
├── Present candidate roles to business unit managers
|
|
├── Validate each role against job descriptions
|
|
├── Identify and resolve outlier permissions
|
|
├── Define role hierarchy (inheritance relationships)
|
|
└── Agree on role names and descriptions
|
|
|
|
Phase 4: IMPLEMENTATION (Week 7-8)
|
|
├── Create roles in identity governance platform
|
|
├── Assign users to validated roles
|
|
├── Remove individual permission assignments
|
|
├── Test access for sample users in each role
|
|
└── Document role definitions and approval chain
|
|
|
|
Phase 5: GOVERNANCE (Ongoing)
|
|
├── Monitor for permission drift
|
|
├── Quarterly role effectiveness review
|
|
├── Re-run mining annually to detect new patterns
|
|
└── Track role count and WSC metrics over time
|
|
```
|
|
|
|
## Data Normalization Workflow
|
|
|
|
```
|
|
Raw Data Sources
|
|
│
|
|
├── AD: user → group → permissions
|
|
│ Normalize to: user_id, permission_id
|
|
│
|
|
├── AWS: user/role → policy → actions
|
|
│ Normalize to: user_id, permission_id
|
|
│
|
|
├── Azure: user → role → permissions
|
|
│ Normalize to: user_id, permission_id
|
|
│
|
|
└── Applications: user → app_role → features
|
|
Normalize to: user_id, permission_id
|
|
|
|
Merge all sources → Deduplicate → Create UPA matrix
|
|
```
|
|
|
|
## Role Consolidation Workflow
|
|
|
|
```
|
|
Mining produces N candidate roles
|
|
│
|
|
├── Remove roles with < 3 users (outliers)
|
|
│
|
|
├── Merge roles with > 90% Jaccard similarity
|
|
│
|
|
├── Identify hierarchical relationships:
|
|
│ └── If Role A permissions ⊂ Role B permissions
|
|
│ → Role A is junior to Role B
|
|
│
|
|
├── Check for SoD violations:
|
|
│ └── Does any role combine conflicting permissions?
|
|
│ → Split into separate roles if needed
|
|
│
|
|
└── Final role set with hierarchy and constraints
|
|
```
|