Sciweavers

RBAC
1998

Control Principles and Role Hierarchies

Role-based access control (RBAC) has been introduced in the last few years, and offers a powerful means of specifying access control decisions. The model of RBAC usually assumes that, if there is a role hierarchy, then access rights are inherited upwards through the hierarchy. This paper examines the relationship between the inheritance properties of role hierarchies and control principles which are used in many large organisations: separation of duties; delegation; and supervision and review. It discusses possible relationships between roles and identifies three different kinds of role hierarchy. The control principles and role hierarchies are illustrated in a realistic application, and their interactions are discussed. It emerges that there may be conflict between control principles and the inheritance of access rights through a role hierarchy. Some ways in which role hierarchies can be used for safe inheritance of access rights are discussed.
Jonathan D. Moffett
Added 01 Nov 2010
Updated 01 Nov 2010
Type Conference
Year 1998
Where RBAC
Authors Jonathan D. Moffett