An Improved Administration Method on Role-Based Access Control in the Enterprise Environment

Access control is a difficult security issue for enterprise organizations. Role-based access control (RBAC) model is well known and recognized as a good security model for enterprise environment. Though RBAC is a good model, administration of RBAC including building and maintaining access control information remains a difficult problem in large companies. RBAC model itself does not tell the solution. Little research was done on practical ways to find the information that fills RBAC components such as role, role hierarchy, permission-role assignment, user-role assignment, and so on from the real world. In this paper we suggest the possibility of model-based administration of RBAC in an enterprise environment. Model-based administration methods allows security administrator to manage access control by GUI that supports graphical enterprise model. If security administrator creates or changes some of components of graphical enterprise model, then it is translated to RBAC schema information by administration tool. We focus on a practical way of deriving access control information from real world. It is a core of model-based administration. Here we show the derivation method and implementation experiences