Abstract

We describe an access control architecture that targets large-scale network management solutions and other systems where there are many securable objects arranged in a natural hierarchy and where user roles are primarily broken down along a parallel hierarchy. In contrast to typical hierarchical role-based access control (HRBAC) systems, this design is based on a non-hierarchical role model connecting user groups, operations, and objects and infers privilege inheritance from the object hierarchy. Furthermore, this design treats user groups and user administrative operations in the same way as application objects and operations, enabling administrative delegation to arbitrary granularity with the same implicit role inheritance. This enables key use cases for large organizations or application service providers by allowing a single application instance to be shared among multiple noncoordinating users with fully delegated user management. We discuss the use of this design in a Lucent Worldwide Services (LWS) service offering.
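A minimal sketch of the model the abstract describes, added here as an illustration and not taken from the paper or the LWS product: grants are flat (group, operation, object) triples, inheritance comes only from walking up the object tree, and user groups sit in that same tree so membership changes are checked like any other operation. All paths, user names, and operation names are constructed assumptions.

```python
from dataclasses import dataclass, field

def ancestors(path):
    """Yield the node and each enclosing node up to the root: /a/b -> /a/b, /a, /."""
    path = "/" + path.strip("/")
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"

@dataclass
class AccessControl:
    members: dict = field(default_factory=dict)  # group object path -> set of users
    grants: set = field(default_factory=set)     # flat (group, operation, object) triples

    def grant(self, group, operation, obj):
        self.grants.add((group, operation, obj))

    def allowed(self, user, operation, obj):
        # No role hierarchy: a grant on any ancestor of obj covers obj.
        groups = {g for g, users in self.members.items() if user in users}
        return any((g, operation, node) in self.grants
                   for node in ancestors(obj) for g in groups)

    def add_member(self, actor, group, user):
        # User administration is an ordinary operation on the group object,
        # so delegation is scoped by the same tree walk as device access.
        if not self.allowed(actor, "add_member", group):
            raise PermissionError(f"{actor} may not add_member on {group}")
        self.members.setdefault(group, set()).add(user)

def build_demo():
    """Constructed two-tenant setup sharing one application instance."""
    ac = AccessControl()
    ac.members["/groups/acme/admins"] = {"alice"}
    ac.members["/groups/globex/admins"] = {"gina"}
    # Each tenant's admins manage only groups under their own subtree.
    ac.grant("/groups/acme/admins", "add_member", "/groups/acme")
    ac.grant("/groups/globex/admins", "add_member", "/groups/globex")
    # Operators inherit "configure" on every device below their tenant node.
    ac.grant("/groups/acme/noc", "configure", "/devices/acme")
    ac.add_member("alice", "/groups/acme/noc", "bob")  # delegated administration
    return ac

if __name__ == "__main__":
    ac = build_demo()
    print(ac.allowed("bob", "configure", "/devices/acme/nyc/router1"))
    print(ac.allowed("bob", "configure", "/devices/globex/router9"))
```

The ancestor walk compares whole path segments, so a grant on `/devices/acme` does not leak to a sibling such as `/devices/acme2`, which a naive string-prefix check would allow.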
