Abstract

In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience and scalability, especially in decentralizing administrative authority, responsibility, and chores. This paper describes the motivation, intuition, and formal definition of a new role-based model for RBAC administration. This model is called ARBAC97 (administrative RBAC '97) and has three components: URA97 (user-role assignment '97), RPA97 (permission-role assignment '97), and RRA97 (role-role assignment '97) dealing with different aspects of RBAC administration. URA97, PRA97, and an outline of RRA97 were defined in 1997, hence the designation given to the entire model. RRA97 was completed in 1998. ARBAC97 is described completely in this paper for the first time. We also discusses possible extensions of ARBAC97.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.