Role activation hierarchies
R. Sandhu
ACM Workshop on Role-Based Access Control, 1998-10-01
DOI: https://doi.org/10.1145/286884.286891
Citations: 172
Abstract
The concept of a role hierarchy (that is, a partial order) is often included in role-based access control (RBAC) models and systems. In current practice the same hierarchy is typically used for two distinct purposes. Members of a senior role in the hierarchy inherit permissions from juniors. We call this the usage (or permission-usage) aspect of role hierarchies. Membership in a senior role also authorizes users to activate junior roles. For the purpose of least privilege a user may choose to activate only a junior role on a particular occasion, leaving the senior roles dormant. We call this the activation (or role-activation) aspect of role hierarchies. In this paper we introduce and motivate the idea that there are useful situations where these two hierarchies should not be identical, and the activation hierarchy should extend the inheritance hierarchy. In particular we explore RBAC with respect to read-write access, and its relationship to traditional lattice-based access control or LBAC (also known as mandatory access control). More generally, we consider roles that are required to have dynamic separation of duty.