Term · 9. Business Processes & Methodology
Role Explosion
Definition
Pathology of RBAC implementations where role count grows uncontrollably — each exception or special case spawns a new role. Symptoms: thousands of roles with few members each, near-duplicate roles, role names indecipherable to business users. Defeats the management-simplification benefit of RBAC.
Application
- MidPoint: Unreasonable multiplication of the number of roles in role-based access control (RBAC) systems.
Standards & regulations
- NIST SP 800-162: «roles that are ad hoc and limited in membership, leading to what is often termed “role explosion”.»
Sources
- NIST SP 800-162 ABAC (csrc.nist.gov), primary source
Related terms
- Cloud Data Access Governance
  Discovery, classification, and access control for sensitive data across cloud data stores (S3, Snowflake, BigQuery, Data …
- Consent for PD Processing
  In MidPoint, **Consent management** is the functionality for recording, tracking, and evaluating an individual's consent …
- Continuous Adaptive Trust
  Authentication and authorization paradigm where trust is recomputed continuously throughout a session based on real-time …
- Role Mining (RM)
  Analytical process of discovering role patterns by analyzing existing access data — clustering users with similar entitl …
- SoD Conflict
  Combination of access rights that violates Separation of Duties — same identity has permissions that should never coexis …
- AI-Driven Access Policy Optimization
  ML-driven analysis of historical access patterns to recommend least-privilege policy refinements — flagging permissions …