|
Abstract : |
In role-based access control (RBAC) permissions are associated with roles, and users are made members of roles thereby acquiring the roles ' permissions. The motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience, especially in decentralizing administrative authority, responsibility and chores. This paper describes the motivation, intuition and outline of a new model for RBAC administration called ARBAC97 (administrative RBAC '97). ARBAC97 has three components: URA97 (user-role assignment '97), PRA97 (permissionrole assignment '97) and RRA97 (role-role assignment '97). URA97 was recently de ned by Sandhu and Bhamidipati [SB97]. ARBAC97 incorporates URA97, builds upon it to de ne PRA97 and some components of RRA97, and introduces additional concepts in developing RRA97., |
