Towards a more complete model of role

Abstract

In order to manage the use of roles for the purpose of access control, it is important to look at attributes beyond the consideration of capability assignment. Fundamentally, a generic attribute description using a constraint-based approach will allow many of the important aspects of role, such as scope, activation and deactivation, to be included. Furthermore, the commonly accepted concept of role hierarchy is challenged from the point of view of subsidiarity in real organisations, with the suggestion that role hierarchy has limited usefulness that does not seem to apply widely.