Authorization Robot

Beta phase

Role concepts, AI, Evolutionary Algorithms, role mining, semantics

The challenge of implementing the automatic authorization concept is that the new software must be able to process very large amounts of data. These data volumes are too large for the standard procedures for data analysis available in the scientific literature. Efficient matrix clustering methods are used here, which identify related departments/processes/patterns in the usage data as preprocessing, thus allowing a partitioning with as little information loss as possible and reducing the problem size.

Based on this partitioned usage data, an Evolutionary Algorithm is used to generate the best possible role concept for it. This "role mining problem", known from the literature, is assigned to the complexity class NP-complete. Therefore, the evolutionary approach as a metaheuristic method offers the right tool to approach efficiently and steadily an optimal solution. Furthermore, a constant interaction with the algorithm must be guaranteed in order to transfer existing consulting knowledge to the virtual consultant during a learning process.

In order to provide the Evolutionary Algorithm with suitable evaluation criteria for the role concepts, it requires additional complex modules that assist the main algorithm. Compliance can be given as an example here. A set of rules for all audit relevant conflicts and critical authorization combinations that allows the compliance of a role concept to be evaluated and optimized accordingly.

Automated evaluation of the semantic meaningfulness of roles is a much more difficult endeavor. So, are the generated roles also nameable, i.e. could a human give a semantically meaningful name to the role and its content? Here, we use a machine learning method, more precisely neural networks, to learn the experience of consultants and experts from previous projects and other sources, so that this module can evaluate whether a role can be named by a human and, if so, which name makes sense.

Current project status

100% Complete

The research project AutoBer

Innovation with Karlsruhe University of Applied Sciences and SIVIS

The goal of the "AutoBer" project is to develop and implement an automated system that can independently propose role and authorization concepts. This should be able to be operated intuitively by any end user without much technical background knowledge, so that the otherwise usual, lengthy consulting projects are simplified and shortened. The automatic creation of practical ERP role concepts is a novelty in industry and science.


Original only available in German language

Advantages of the Authorization Robot

Automated authorization concepts simple, secure and fast

  • Reduced project times        
  • Reduced consultant hours        
  • Cleanup of role concepts         
  • Manual work is eliminated         
  • High quality standards are easy to meet         
  • Simplifies the restructuring of authorizations         
  • More individual opportunities for influence as a customer         
  • Less departmental reconciliations         
  • Continuous optimization

"The Authorization Robot has the potential to transform the market for authorization redesigns and fundamentally change the approach to such projects.

MATTHIAS BEIL | Developer research project

"Hi, I'm Robby."

This is how the Authorization Robot works

First insights 

With the first functions you will get an idea of the possibilities the Authorization Robot will offer in the future. Beside a clear dashboard, a variety of diagrams and views, direct influence on the automated role creation is enabled.

Calculation dashboard

Here, the development of various key figures of the generated role concepts over a period of time is shown. This makes it possible to control the direction of the optimization during the calculation in order to be able to readjust at an early stage if necessary.

A concrete solution proposal, i.e. a possible role concept, is visualized here comprehensively as a graph. Thus, complex relationships and patterns in the roles and their assignments can be clearly displayed.

Graph view


The used web technologies also enable completely new forms of visualization on authorization level, which can convey complex contents and information in a structured and compact way.

Another suitable form of visualization is the tree map. The contents and tasks of even extensive roles quickly become clear here.

Tree map

Planned go-live


Beta testing

Do you want to become a beta tester?

This is a unique opportunity to actively participate as a pioneer in this groundbreaking project.

Limited capacity available.