Cart (Loading....) | Create Account
Close category search window

The RRA97 model for role-based administration of role hierarchies

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Sandhu, R. ; ISE Dept., George Mason Univ., Fairfax, VA, USA ; Munawer, Q.

Role-based access control (RBAC) has recently received a lot of attention due to its flexibility, expressive power and simplicity in administration. In RBAC permissions are associated with roles and users are made members of roles thereby acquiring the associated permissions. Centralized management of RBAC in large systems is a tedious and costly task. An appealing possibility is to use RBAC itself to facilitate decentralized administration of RBAC. The recently proposed ARBAC97 (administrative RBAC '97) model identifies components called URA97, PRA97 and RRA97 for administration of user-role, permission-role and role-role assignments respectively. URA97 and PRA97 have already been described in detail in the literature, whereas RRA97 has so far not been defined. The central contribution of this paper is to give a complete and formal definition of RRA97, thereby completing the ARBAC97 model. The effect of role-role assignment is to construct a role hierarchy (that is, a partial order) in which senior roles inherit permissions from junior roles. Modifications to the role hierarchy can have drastic impact on the effective distribution of permissions to roles. At the same time we would like to decentralize this aspect of RBAC administration so that, for example, it should be possible for project security officers to rearrange roles within a project without impacting other role relationships within the department in which the project exists. RRA97 shows how this goal can be achieved

Published in:

Computer Security Applications Conference, 1998. Proceedings. 14th Annual

Date of Conference:

7-11 Dec 1998

Need Help?

IEEE Advancing Technology for Humanity About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2014 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.