Every day, across a wide range of industries, companies must adapt employee access profiles to reflect changes in authorization requirements. A key challenge lies in translating the needs of an employee to a technical authorization concept. Due to the rise of generative AI, it makes sense to consider Large Language Models (LLMs) for processing permission requests. This is especially relevant in large-scale access control environments, where the high number of permissions and roles makes oversight difficult for human administrators. Thus, in this contribution, we conduct quantitative research and test whether LLMs are suitable for permission request processing. We find that when embedding an access control document, an LLM performs quite well when translating a permission request into the required permission but struggles with suggesting a suitable role. We show that instead of using an LLM for both permission and role suggestions, it is more efficient to apply a hybrid approach, and first apply an LLM-based permission translation and then algorithmically search for a role that contains the translated permission.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Automating Access: LLM-Based Permission Request Processing for the Enterprise

  • Maximilian Niedermeier,
  • Holger Wittges,
  • Stefanie Rinderle-Ma

摘要

Every day, across a wide range of industries, companies must adapt employee access profiles to reflect changes in authorization requirements. A key challenge lies in translating the needs of an employee to a technical authorization concept. Due to the rise of generative AI, it makes sense to consider Large Language Models (LLMs) for processing permission requests. This is especially relevant in large-scale access control environments, where the high number of permissions and roles makes oversight difficult for human administrators. Thus, in this contribution, we conduct quantitative research and test whether LLMs are suitable for permission request processing. We find that when embedding an access control document, an LLM performs quite well when translating a permission request into the required permission but struggles with suggesting a suitable role. We show that instead of using an LLM for both permission and role suggestions, it is more efficient to apply a hybrid approach, and first apply an LLM-based permission translation and then algorithmically search for a role that contains the translated permission.