{"title":"UNIX管理中的RBAC","authors":"Glenn Faden","doi":"10.1145/319171.319180","DOIUrl":null,"url":null,"abstract":"This paper describes an implementation of RBAC for UNIX systems in which roles are used as an alternative to the traditional supermel: Roles are special shared accounts which must be formally assumed by authorized users. Each role has a full set of credentials so that it can be authenticated and authorized by existing administrative services. Rather than providing for hierarchical roles, the permissions associated with roles are expressed hierarchically using execution profiles. Extensible attributes for users, roles, and permissions are maintained in distributed databases which can support multiple security policies simultaneously.","PeriodicalId":355233,"journal":{"name":"ACM Workshop on Role-Based Access Control","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"RBAC in UNIX administration\",\"authors\":\"Glenn Faden\",\"doi\":\"10.1145/319171.319180\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes an implementation of RBAC for UNIX systems in which roles are used as an alternative to the traditional supermel: Roles are special shared accounts which must be formally assumed by authorized users. Each role has a full set of credentials so that it can be authenticated and authorized by existing administrative services. Rather than providing for hierarchical roles, the permissions associated with roles are expressed hierarchically using execution profiles. Extensible attributes for users, roles, and permissions are maintained in distributed databases which can support multiple security policies simultaneously.\",\"PeriodicalId\":355233,\"journal\":{\"name\":\"ACM Workshop on Role-Based Access Control\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1999-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Workshop on Role-Based Access Control\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/319171.319180\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Role-Based Access Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/319171.319180","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
This paper describes an implementation of RBAC for UNIX systems in which roles are used as an alternative to the traditional supermel: Roles are special shared accounts which must be formally assumed by authorized users. Each role has a full set of credentials so that it can be authenticated and authorized by existing administrative services. Rather than providing for hierarchical roles, the permissions associated with roles are expressed hierarchically using execution profiles. Extensible attributes for users, roles, and permissions are maintained in distributed databases which can support multiple security policies simultaneously.