Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Role Control Center: Features and Case Studies



David F. Ferraiolo, Gail-Joon Ahn, Ramaswamy Chandramouli, Serban I. Gavrila


Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products are used for centralized management of authorizations for resources resident in several heterogeneous systems (called target systems) distributed throughout the enterprise. The RBAC model used in an ESMS is called the Enterprise RBAC model (ERBAC). An ERBAC model can be used to specify not only sophisticated access requirements centrally for resources resident in several target systems, but also administrative data required to map those defined access requirements to the access control structures native to the target platforms. However, the ERBAC model (i.e., the RBAC implementation) supported in many commercial ESMS products has not taken full advantage of policy specification capabilities of RBAC. In this paper we describe an implementation of ESMS called the 'Role Control Center' (RCC) that supports an ERBAC model that includes features such as general role hierarchy, static separation of duty constraints, and an advanced permission review facility (as defined in NIST's proposed RBAC standard). We outline the various modules in the RCC architecture and describe how they collectively provide support for authorization administration tasks at the enterprise and target-system levels.
Proceedings Title
Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT '03)
Conference Dates
June 1-4, 2003
Conference Location
Conference Title
Eighth ACM Symposium on Access Control Models and Technologies (SACMAT '03)


Enterprise Security Management System, ERBAC, ESMS, RBAC, Role-Based Access Control


Ferraiolo, D. , Ahn, G. , Chandramouli, R. and Gavrila, S. (2003), The Role Control Center: Features and Case Studies, Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (SACMAT '03), Como, -1, [online], (Accessed June 16, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 4, 2003, Updated November 10, 2018