Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The NIST Model for Role-Based Access Control: Towards a Unified Standard

Published

Author(s)

R. Sandhu, David F. Ferraiolo, D. Richard Kuhn

Abstract

This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features--constraints and symmetry--is also presented. The paper furthermore identifies important attributes of RBAC not included in the NIST model. Some are not suitable for inclusion in a consensus document. Others require further work and agreement before standardization is feasible.
Proceedings Title
Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC '00)
Conference Dates
July 26-27, 2000
Conference Location
Berlin, DE
Conference Title
Fifth ACM Workshop on Role-Based Access Control (RBAC '00)

Keywords

RBAC, Role Based Access Control, standards, unified model

Citation

Sandhu, R. , Ferraiolo, D. and Kuhn, D. (2000), The NIST Model for Role-Based Access Control: Towards a Unified Standard, Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC '00), Berlin, DE, [online], https://doi.org/10.1145/344287.344301, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916402 (Accessed April 23, 2024)
Created July 25, 2000, Updated October 12, 2021