Policy analysis for self-administrated role-based access control