Role-based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation

In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience. In this paper we investigate one aspect of RBAC administration concerning assignment of users to roles. We define a role-based administrative model, called URA97 (User-Role Assignment ’97), for this purpose and describe its implementation in the Oracle database management system. Although our model is quite different from that built into Oracle, we demonstrate how to use Oracle stored procedures to implement it.