Jansen, W.
(1998),
A Revised Model for Role-Based Access Control, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.6192
(Accessed October 27, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Revised Model for Role-Based Access Control
Published
Author(s)
Abstract
Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. This report focuses on an RBAC model originally proposed by Ferraiolo and others at NIST, and formulates a revised model that fixes noted discrepancies, incorporates features from related models, and addresses new properties regarding role hierarchies. Possible future extensions to the revised model and the motivation for them are also discussed. Finally, a subset of the properties defined in the revised model is proposed as the criteria for determining whether an implementation should be classified as an RBAC system.Citation
NIST Interagency/Internal Report (NISTIR) - 6192
Report Number
6192
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
formal models, RBAC, Role Based Access Control, security mechanisms
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created July 9, 1998, Updated November 10, 2018