An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Implementing Role-Based Access Control Using Object Technology
Published
Author(s)
John Barkley
Abstract
With Role Based Access Control (RBAC), each role is associated with a set of operations which a user in that role may perform. The power of RBAC as an access control mechanism is the concept that an operation may theoretically be anything. This is contrasted to other access control mechanisms where bits or labels are associated with information blocks. These bits or labels indicate relatively simple operations, such as, read or write, which can be performed on an information block. Operations in RBAC may be arbitrarily complex, e.g., 'a night surgical nurse can only append surgical information to a patient record from a workstation in the operating theater while on duty in that operating theater from midnight to 8 AM.' A goal for implementing RBAC is to allow operations associated with roles to be as general as possible while not adversely impacting the administrative flexibility or the behavior of applications.
Proceedings Title
Proceedings of the First ACM Workshop on Role-Based Access Control (RBAC)
Volume
II
Conference Dates
November 30-December 1, 1995
Conference Location
Gaithersburg, MD
Conference Title
First ACM Workshop on Role-Based Access Control (RBAC)
Barkley, J.
(1995),
Implementing Role-Based Access Control Using Object Technology, Proceedings of the First ACM Workshop on Role-Based Access Control (RBAC), Gaithersburg, MD, [online], https://doi.org/10.1145/270152.270192
(Accessed December 13, 2024)