Engineering of Role/Permission Assignments
نویسندگان
چکیده
In this paper, we develop a model for engineering role-permission assignment. Our model builds upon the well-known RBAC96 model [SCFY96]. Assigning permissions to roles is considered too complex an activity to accomplish directly. Instead we advocate breaking down this process into a number of steps. We specifically introduce the concept of Jobs, Work-patterns, and Tasks to facilitate rolepermission assignment into a series of smaller steps. We describe methodologies for using this model in two different ways. In a top-down approach, roles are decomposed into permissions, whereas in a bottom-up approach, permissions are aggregated into roles.
منابع مشابه
Visual Approach to Role Mining with Permission Usage Cardinality Constraint
Role Based Access Control (RBAC) is an effective way of managing permissions assigned to a large number of users in an enterprise. This paper offers a new role engineering approach to RBAC, referred to as visual role mining. The key idea is to graphically represent userpermission assignments to enable quick analysis and elicitation of meaningful roles with constraint. There are two algorithms: ...
متن کاملAuthorization Algorithms for Permission-Role Assignments
Permission-role assignments (PRA) is one important process in Role-based access control (RBAC) which has been proven to be a flexible and useful access model for information sharing in distributed collaborative environments. However, problems may arise during the procedures of PRA. Conflicting permissions may assign to one role, and as a result, the role with the permissions can derive unexpect...
متن کاملStrategic Role Engineering Approach to Visual Role Based Access Control (V-RBAC)
Work on Role Based Access Control (RBAC) has emerged as the principle type of access control model in theory and practice. RBAC has frequently been criticized for the difficulty of setting up an initial role structure and for inflexibility in rapidly changing application. This paper offers a new role engineering approach to RoleBased Access Control (RBAC), referred to as visual role mining. The...
متن کاملFormal Authorisation Allocation Approaches for Permission-role Assignment Using Relational Algebra Operations
In this paper, we develop formal authorization allocation algorithms for permission-role assignments. The formal approaches are based on relational structure, and relational algebra and operations. The process of permission-role assignments is an important issue in role-based access control (RBAC) as it may modify the authorization level or imply high-level confidential information to be derive...
متن کاملThe generalized temporal role mining problem
Role mining, the process of deriving a set of roles from the available user-permission assignments, is considered to be an essential step in successful implementation of Role-Based Access Control (RBAC) systems. Traditional role mining techniques, however, are not equipped to handle temporal extensions of RBAC like the Temporal-RBAC (TRBAC) model. In this paper, we formally define the problem o...
متن کامل