A Review Paper Role Based Access Control

The essence of Role-Based Access Control (RBAC) is that system permissions are assigned to defined “roles” rather than to individual users. Users acquire these permissions by virtue of being authorised to act in a categorised manner known as a “role”. The driving motivation for RBAC is to simplify security policy administration while facilitating the definition of flexible, customised policies. Basic RBAC models have been successfully applied since the mainframe era, but emerging networked systems, which have greater numbers of users, roles, and program components, challenge the expressive power of these classical RBAC models. This is particularly true for cross-enterprise distributed networks for electronic commerce applications. The development of new modeling concepts and techniques is required to support large-scale, enterprise-wide, distributed systems. Role languages are needed that can simply modify constraints associated with roles thereby permitting dynamic response to enterprise policy changes in a transparent fashion to applications. Role definition and management thus becomes a process with high trust requirements.