UML-based representation of role-based access control

Abstract

In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. Several framework for the development of role-based systems have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily understand and refer to develop role-based systems. The Unified Modeling Language (UML) is a general-purpose visual modeling language in which we can specify, visualize, and document the components of a software system. In this paper we represent the RBAC model with this well-known modeling language to reduce a gap between security models and system developments. We specify the RBAC model with three views: static view, functional view, and dynamic view. In addition, we briefly discuss about the future directions.