Comparing Simple Role Based Access Control Models and Access Control Lists

Published

Author(s)

John Barkley

Abstract

The RBAC metaphor is powerful in its ability to express access control policy in terms of the way in which administrators view organizations. The functionality of simple Role Based Access Control (RBAC) models is compared to that of access control lists (ACLs). A very simple RBAC model is shown to be no different from a group ACL mechanism from the point of view of its ability to express access control policy. RBAC is often distinguished from ACLs by the inclusion of a feature that allows a session to be associated with a proper subset of the roles (i.e., groups in ACL terms) authorized for a user. Two possible semantics for this feature are described: one that requires an amount of processing similar to that required by ACLs, and another that requires significantly more processing than that required by ACLs. In addition, the capability to define role hierarchies is compared to an equivalent feature in ACLs.
Proceedings Title
Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97)
Conference Dates
November 6-7, 1997
Conference Location
Fairfax, VA
Conference Title
Second ACM Workshop on Role-Based Access Control (RBAC '97)

Keywords

access control lists, ACL, RBAC, Role-Based Access Control

Citation

Barkley, J. (1997), Comparing Simple Role Based Access Control Models and Access Control Lists, Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC '97), Fairfax, VA, [online], https://doi.org/10.1145/266741.266769 (Accessed March 3, 2024)
Created November 7, 1997, Updated November 10, 2018