The uses of role hierarchies in access control
Authors: J. Moffett, Emil C. Lupu
Venue: ACM Workshop on Role-Based Access Control
Published: 1999-10-28
DOI: https://doi.org/10.1145/319171.319186
Citations: 82
Abstract
The value of role-based access control (RBAC) is now well recognised. One aspect of it is the ability to make access decisions based upon the position of a role in a hierarchy. It is now recognised that there are some problems associated with this, because of the risk that these decisions may conflict with the control principles that are applied within an organisation. The aim of this paper is to identify the possible uses of role hierarchies in simplifying access rules, while remaining within the constraints of organisational control principles. We use the concept of authority state, i.e., the set of fixed and variable policies and rules in the system which influence the Reference Monitor's access decisions. We then consider the uses of role hierarchies in two separate contexts: first, within a static view of the authority state, where role hierarchies may be used by an access control decision facility; and second, as constraints upon permissible changes to the authority state. We conclude that role hierarchies have some possible uses within the static view, but that they are more important as a means of constraining the permissible changes to the authority state. We make proposals for further research on the place of role hierarchies in controlling change.