Permission Inheritance Expression with Role Hierarchy of RBAC


The Transactions of the Korea Information Processing Society (1994 ~ 2000), Vol. 7, No. 7, pp. 2125-2134, Jul. 2000
DOI: 10.3745/KIPSTE.2000.7.7.2125

Abstract

RBAC (Role-Based Access Control) has the advantage of reflecting the real world, because it provides a basic access control model based on users' roles in organizations or governments. In the RBAC model, however, the senior roles in a role hierarchy inherit the privileges of the junior roles, so the senior roles are given more privileges than they need. That is, the model tends to violate the Principle of Least Privilege. On the other hand, if excessive constraints are imposed on the RBAC model without scrupulous care, the role hierarchy may lose its meaning. Furthermore, such complicated constraints make it more difficult to manage resources and roles in huge enterprise environments. The purpose of this paper is to solve the problems of role hierarchies, such as inefficient role management and abuse of privileges, by using a newly presented backward tag pointer path expression in the inheritance of privileges.



Cite this article
[IEEE Style]
S. H. Lee, I. J. Jo, E. H. Cheon, D. K. Kim, "Permission Inheritance Expression with Role Hierarchy of RBAC," The Transactions of the Korea Information Processing Society (1994 ~ 2000), vol. 7, no. 7, pp. 2125-2134, 2000. DOI: 10.3745/KIPSTE.2000.7.7.2125.

[ACM Style]
Sang Ha Lee, In June Jo, Eun Hong Cheon, and Dong Kyoo Kim. 2000. Permission Inheritance Expression with Role Hierarchy of RBAC. The Transactions of the Korea Information Processing Society (1994 ~ 2000), 7, 7, (2000), 2125-2134. DOI: 10.3745/KIPSTE.2000.7.7.2125.