Abstract—Role-based access control (RBAC) is very widely used but has notable limitations, prompting a shift towards attribute-based access control (ABAC). However, the cost of developing an ABAC policy can be a significant obstacle to migration from RBAC to ABAC. This paper presents the first formal definition of the problem of mining ABAC policies from RBAC policies and attribute data, and the first algorithm specifically designed to mine an ABAC policy from an RBAC policy and attribute data