In recent years, numerous commercial and experimental Role-Based Access Control (RBAC) implementations have emerged. Central to several of these RBAC systems are administrative facilities for displaying and managing user/role and role/privilege assignments and their inheritance relationships. Although these systems provide a powerful and intuitive interface for navigating through and managing authorization data, they lack support for multiple inheritance of user and privilege relationships. As a consequence, these systems are limited in their expressive power in composing the roles and role relations characteristic of the organization and business structures that these roles are intended to model. In this paper we describe a graph-centric RBAC implementation, referred to as the Role Control Center (RCC), that solves the multiple inheritance problem. RCC takes further advantage of multiple inheritance properties by introducing individual users directly into the role graph as user-roles. As such, RCC ensures uniform treatment of the privileges that are unique to a user and the privileges that are assigned to a role. In addition, RCC introduces the concept of a role view that is used in the delegation of administrative responsibilities, and for the instantiation of RBAC users and roles as users and groups on target systems.
Proceedings Title: 5th ACM Workshop on Role Based Access Control
Conference Dates: July 26-27, 2000
Conference Location: Berlin,
Pub Type: Conferences
Keywords: access control, authorization management, role-based access control