Skip to Main Content
Role based access control (RBAC) model is widely used in information system for efficient management of complex access control policy. Various extensions to the basic RBAC model are proposed for different purpose. A novel extension to the basic RBAC is presented in this paper. The model proposed in this paper is characteristic of (1) flexible and fine grained access control on objects such as tuples and attributes in DBMS, (2) providing administrative separation of duty at operation level by associating one operation to several privileges, (3) providing administrative separation of duty at task level by requiring a set of prerequisite roles before role is assigned to user. Furthermore, an efficient access decision algorithm for DRBAC is presented.