Administration of RBAC

Similar documents
Administrative Scope and Role Hierarchy Operations

Role-based administration of user-role assignment: The URA97 model and its Oracle implementation

Director (DIR) Engineer 1 (E1) Engineer 2 (E2) Project 1 Project 2 Engineering Department (ED) Employee (E) Senior Security Officer (SSO)

Discretionary and Mandatory Controls for Role-Based Administration

The R BAC96 RBAC96 M odel Model Prof. Ravi Sandhu

CSC 474/574 Information Systems Security

Efficient Policy Analysis for Evolving Administrative Role Based Access Control 1

Administrative Scope: A Foundation for Role-Based Administrative Models

RBAC: Motivations. Users: Permissions:

Administrative Role-Based Access Control and the Security Analysis Problem

CONUGA: Constrained User-Group Assignment

Analysis of TRBAC with Dynamic Temporal Role Hierarchies

AN ACCESS CONTROL AND TRUST MANAGEMENT FRAMEWORK FOR LOOSELY-COUPLED MULTIDOMAIN ENVIRONMENTS. Yue Zhang. Submitted to the Graduate Faculty of

ANALYSIS AND SEMANTIC DESCRIPTION OF ROLE BASED ACCESS CONTROL MODELS

Module 4: Access Control

Director (DIR) Engineer 1 (E1) Engineer 2 (E2) Project 1 Project 2 Engineering Department (ED) Employee (E) Senior Security Officer (SSO)

Advanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96

Information Security CS 526

Access Control. Discretionary Access Control

Efficient Policy Analysis for Administrative Role Based Access Control

General Access Control Model for DAC

Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations,

Conceptual Data Modeling

IBM Security Identity Manager Version Planning Topics IBM

Data Security and Privacy. Topic 8: Role Based Access Control

Core Role Based Access Control (RBAC) mechanism for MySQL

CS 356 Lecture 7 Access Control. Spring 2013

CS590U Access Control: Theory and Practice. Lecture 12 (February 23) Role Based Access Control

Access Control Mechanisms

Access Control Models

CSE 565 Computer Security Fall 2018

A Context-sensitive Access Control Model and Prototype Implementation

Identity, Authentication and Authorization. John Slankas

ROLE HIERARCHY ROLES SESSIONS.. roles AR ADMINIS- TRATIVE ROLES ARH ADMINISTRATIVE ROLE HIERARCHY

Access Control Models Part II

Manage Administrators and Admin Access Policies

Access Control. Discretionary Access Control

The A-IRBAC 2000 Model: Administrative Interoperable Role-Based Access Control

Outlines. Design of A Role -based Trustmanagement. Permission-based (capability-style) What We Mean by Trust- Management? Systems?

Chapter 6. Advanced Data Modeling. Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel

Conflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences

The Actor Role Coordinator Implementation Developer s Manual

XV. The Entity-Relationship Model

On Mutually-Exclusive Roles and Separation of Duty

Chapter 7: Entity-Relationship Model. Chapter 7: Entity-Relationship Model

Chapter 2: Entity-Relationship Model

Access Control for Shared Resources

Dell EMC SC Series and Active Directory Integration

Real Application Security Administration

Access Control in Federated Systems

Manage Administrators and Admin Access Policies

Content Modeling for Administrators

Database Systems: Design, Implementation, and Management Tenth Edition. Chapter 9 Database Design

Liferay User Management. Kar Joon Chew Oct 2011

Discretionary Access Control (DAC)

A Framework for Enforcing Constrained RBAC Policies

What is orbac? ability to group several authorizations in to profiles to easily add/remove a set of authorizations to an employee

Administration Manual

Oracle System Administrator Fundamentals It s All about Controlling What Users Can See and Do

Database Principles: Fundamentals of Design, Implementation, and Management Tenth Edition. Chapter 8 Data Modeling Advanced Concepts

Database Security Overview. Murat Kantarcioglu

P1L5 Access Control. Controlling Accesses to Resources

Relational model continued. Understanding how to use the relational model. Summary of board example: with Copies as weak entity

Formal Security Analysis of Access Control Models and Their Spatiotemporal Extensions

2004 John Mylopoulos. The Entity-Relationship Model John Mylopoulos. The Entity-Relationship Model John Mylopoulos

Chin Guok, ESnet. Network Service Interface Signaling and Path Finding

Chapter 6: Entity-Relationship Model

DAMION DISCOVERY APPLICATION ADMINISTRATION REFERENCE GUIDE

Mobile and Heterogeneous databases Security. A.R. Hurson Computer Science Missouri Science & Technology

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University

Chapter 6: Entity-Relationship Model

Setting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000

Policy vs. Mechanism. Example Reference Monitors. Reference Monitors. CSE 380 Computer Operating Systems

T-RBAC based Multi-domain Access Control Method in Cloud

The Role Control Center: Features and Case Studies

CSE 380 Computer Operating Systems

Chapter 4: Access Control

CIS 330: Applied Database Systems. ER to Relational Relational Algebra

SNAPSHOTS FOR IBRIX A HIGHLY DISTRIBUTED SEGMENTED PARALLEL FS

Information Security & Privacy

Comprehensive Two-Level Analysis of Role-Based Delegation and Revocation Policies with UML and OCL

Windows Server 2008 Active Directory Resource Kit

Introduction to Security

CSE 530A. ER Model. Washington University Fall 2013

Database Design Phases. History. Entity-relationship model. ER model basics 9/25/11. Entity-relationship (ER) model. ER model basics II

12/05/2017. Geneva ServiceNow Custom Application Development

Oracle Database. Installation and Configuration of Real Application Security Administration (RASADM) Prerequisites

COMP Instructor: Dimitris Papadias WWW page:

Unit 1: Working With Tables

An Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model

Let s briefly review important EER inheritance concepts

Software Design and Analysis for Engineers

PostgreSQL: Decoding Partition

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

MobiControl v13: Package Rules to Profiles Migration Guide. January 2016

1. WORKSHARE PROJECT OVERVIEW

Faculty of Engineering Computer Engineering Department Islamic University of Gaza Network Lab # 7 Permissions

Access Control. Access control: ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions

Chapter 2 Entity-Relationship Data Modeling: Tools and Techniques. Fundamentals, Design, and Implementation, 9/e

Role-Based Access Control (RBAC) Lab Minix Version

Transcription:

Administration of RBAC ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Fall 2005 RBAC 3 : RBAC 0 + RH + Constraints Role Hierarchy (RH) User-Role Assignment (UA) Permission-Role Assignment (PA) Users Roles Permissions user.. roles Sessions Constraints

RBAC Concept: Role: collection of users and permissions Possible other roles if RH exists Group: collection of users and other groups Size: Role: can be no users /no permissions assigned Abilities and groups Group: more than two members in general Activations: Roles: a user can active subset of assigned roles and get partial permissions Least of privilege Group: a user get all permissions of the groups that he belongs to RBAC Least of privilege: Only assign necessary permissions to roles Only active necessary permissions in a session Separation of duties: Exclusive roles and permissions Data abstraction Abstract permissions (rights and objects)

SCALE AND RATE OF CHANGE roles: 100s or 1000s users: 1000s or 10,000s or more Simplify management: Frequent changes to user-role assignment (UA) permission-role assignment (PA) More static than UA Less frequent changes for role hierarchy Administration of RBAC Administrative permissions Create/destroy users Create/destroy roles Create/destroy permissions User-role assignment (UA) and removal Permission-role assignment (PA) and removal Role-role assignment (RA) and removal Define and maintain constraints

Administration of RBAC Centralized approaches: Single chief security officer Centralized admin tool and database Role graph Decentralized approach: Autonomous administration with decentralized authorities For Scalability Control of autonomous permissions/ranges by higher roles Tradeoff between centralized control and autonomous management Administrative RBAC Using RBAC to manage RBAC Called administrative RBAC (ARBAC) Permissions: administrative permissions U, R, P, UA, PA, RH, etc Distinguished from P Roles: administrative roles (AR) Distinguished from R Users: administrators Generally distinguished from U, but not necessary Decentralized User-role assignment: UAU Permission-role assignment: APA Permission role hierarchy: ARH

ARBAC UA Roles PA Permissions Users user.. roles RH Sessions ARH Constraints AUA Admin Roles APA Admin Permissions ARBAC97 Using RBAC to facilitate administration of RBAC. URA97: Managing user-role assignment PRA97: managing permission-role assignment RRA97: managing role-role assignment to define role hierarchy Include role creation/deletion Creation of users and permissions are not included. Personal management department System/Application administrators

ADMINISTRATIVE RBAC RBAC3 ARBAC3 RBAC1 RBAC2 ARBAC1 ARBAC2 RBAC0 ARBAC0 ARBAC97 DECENTRALIZES user-role assignment (URA97) permission-role assignment (PRA97) role-role hierarchy (RRA97)

EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production Engineer 1 (PE1) Engineer 1 (E1) Quality Engineer 1 (QE1) Production Engineer 2 (PE2) Engineer 2 (E2) Engineering Department (ED) Employee (E) EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)

Simple ARBAC Model Use one administrative role to manage a set of regular roles Actually one user (say Alice) with administrative role does the management Alice can Add/delete users to/from these roles Add/delete permissions to/from these roles Assign these roles to other roles (make arbitrary architecture) Problem: Kind of DAC (owner of the roles) no control of what kind of users can be assigned to these roles No control of what kind of permissions can be assigned to these roles No control of what kind of roles can inherit these roles URA97 GRANT MODEL can_assign AR x CR x 2 R AR: administrative role CR: Condition 2 R: A set of roles (role range) Admin Role PSO1 PSO2 DSO SSO SSO Prereq Role ED ED ED E ED Role Range [E1,PL1) [E2,PL2) (ED,DIR) [ED,ED] (ED,DIR]

URA97 GRANT MODEL Use negative prerequisite role for conditions For mutual exclusive roles Admin Role PSO1 PSO1 PSO1 PSO2 PSO2 PSO2 Prereq Cond ED ED PE1 ED QE1 ED ED PE2 ED QE2 Role Range [E1,E1] [QE1,QE1] [PE1,PE1] [E2,E2] [QE2,QE2] [PE2,PE2] URA97 Grant Administrator independent A user is revoked from the administrator role, but the assignments are still effective. Condition independent If a prerequisite is no longer valid, the previous assignments are still effective. Different from DAC

URA97 REVOKE MODEL can_revoke AR x 2 R AR: administrative role 2 R: A set of roles (role range) Admin Role PSO1 PSO2 DSO SSO Role Range [E1,PL1) [E2,PL2) (ED,DIR) [ED,DIR] URA97 Revocation

URA97 REVOKE MODEL WEAK REVOCATION revokes explicit membership in a role independent of who did the assignment Different from the revocation from DAC URA97 REVOKE MODEL STRONG REVOCATION revokes explicit membership in a role and its seniors authorized only if corresponding weak revokes are authorized alternatives all-or-nothing revoke within range

URA97 Revocation ARBAC97 DECENTRALIZES user-role assignment (URA97) permission-role assignment (PRA97) role-role hierarchy

PERMISSION-ROLE ASSIGNMENT dual of user-role assignment can_assignp AR x CR x 2 R can_revokep AR x 2 R weak revoke strong revoke (propagates down) PERMISSION-ROLE ASSIGNMENT CAN-ASSIGN-PERMISSION ARole Prereq Cond Role Range PSO1 PL1 [E1,PL1) PSO2 PL2 [E2,PL2) DSO E1 E2 [ED,ED] SSO PL1 PL2 [ED,ED] SSO ED [E,E]

PERMISSION-ROLE ASSIGNMENT CAN-REVOKE-PERMISSION ARole PSO1 PSO2 DSO SSO Role Range [E1,PL1] [E2,PL2] (ED,DIR) [ED,DIR] ARBAC97 DECENTRALIZES user-role assignment (URA97) permission-role assignment (PRA97) role-role assignment (RRA97)

RRA97 Three types of roles: Group roles: Only have members of users and other groups Use URA97 for role-role assignments Abilities: Only have members of permissions or other abilities PRA97 UP-roles user-and-permission roles RRA97 RRA97 Four operations Create role Delete role Insert edge Delete edge

can-modify Authority range must be encapsulated To be discussed later Example Role Hierarchy PSO1 DSO PSO1

Range Definitions Range Create Range Encap. Range Authority Range Authority Range Range: (x, y) = {r : Roles x < r < y} Authority Range: A range referenced in can-modify relation Partial Overlap of Ranges: The ranges Y and Y partially overlap if Y Y φand Y Y Y Y Partial Overlap of Authority Ranges is forbidden

Authority Range Encapsulated Authority Range: The authority range (x, y) is said to be encapsulated if r1 (x, y) and r2 (x, y) r2 > r1 r2 > y r2 < r1 r2 < x Non-encapsulated Range (x, y) y y r1 r2 r3 r4 x x

Encapsulated Range (x, y) y y r1 r2 r3 r4 x x Encapsulated Range (x, y) y y r1 r2 r3 r4 x x

Edge insertion anomaly PSO1 DSO PSO1 Edge insertion anomaly Edge insertion by PSO1 in range (E1,PL1) impacts relationship between X and Y outside the PSO1 range Do not allow X and Y to be introduced (by DSO) Do not allow PSO1 to insert edge from QE1 to PE1

ROLE CREATION New roles are created one at a time Creation of a role requires specification of immediate parent and child These must be within the can-modify range or be one of the endpoints of the range Immediate parent must be senior to immediate child If junior will introduce cycle If incomparable will introduce a new edge (so introduce the new edge first and then create the new role) Immediate parent and immediate child must constitute a create range (prior to creation) Create Ranges Note: only comparable roles constitute a create range.

Create Ranges A is end point of AR immediate (x) A is end point of AR immediate (r3) these are not create ranges B is end point of AR immediate (y) Authority ranges (B,A) (x,y) Create ranges dashed lines --- Semantics of delete role End points of authority ranges cannot be deleted. Deletion of a role preserves all transitive edges Deletion that causes dangling references is prohibited Prohibit deletion of roles used in can_assign, can_revoke, can_modify OR Deactivate these roles when they are deleted. Inactive roles cannot be activated in a session and new users and permissions cannot be added. Preserve permissions and users in a deleted role Only empty roles can be deleted OR Users pushed down to immediately junior roles and permissions are pushed up to immediately senior roles

Inactive Roles End points of authority ranges can be made inactive. Inactive Roles: A user associated to it cannot use it. Inheritance of permissions is not affected. Permissions and users can be revoked. INSERTION OF AN EDGE Inserted only between incomparable roles (No Cycles) Inserted one at a time. Edge insertion must preserve encapsulation of authority ranges

Preserving encapsulation on edge insertion Insertion of (y,r3) is ok but will prevent future insertion of (r3,x) Likewise insertion of (r3,x) is ok but will prevent future insertion of (y,r3) Authority ranges (B,A) (x,y) DELETION OF AN EDGE Edges can be deleted only if they are not transitively implied The edges in transitive reduction are candidates for deletion. Deleted one at a time. Deleting an edge preserves transitive edges Cannot delete an edge between the endpoints of an authority range

Delete Edge Delete edge (r,r ) Example : Before deletion (SQE1, JQE1) DIR PL1 SQE1 PL2 PE1 JQE1 PE2 QE2 E1 E2 ED

Example : After deletion (SQE1, JQE1) DIR PL1 SQE1 PL2 PE1 JQE1 PE2 QE2 E1 E2 ED Conclusion ARBAC97 provides decentralized administration of role hierarchies. Gives administrative role autonomy within a range but only so far as the side effects of the resulting actions are acceptable.

other approaches ARBAC99 Mobile and immobile membership improves URA97 and PRA97 ARBAC02 Try to solve some problems in URA97 and PRA97 Administrative scope: Try to solve problems in RRA97 A Model for Role Administration Using Organization Structure

Contents Problems of URA97 Problems of PRA97 Solution : ARBAC02 model Conclusion ARBAC97 model Main point of decentralized RBAC administration How to control proper administration range (or boundary) of each administrative role ARBAC97 model : use role range and prerequisite condition URA97, PRA97

RH and ARH Director (DIR) Project lead 1 (PL1) Production Quality Engineer 1 Engineer 1 (PE1) (QE1) Engineer 1 (E1) Project lead 2 (PL2) Production Quality Engineer 2 Engineer 2 (PE2) (QE2) Engineer 2 (E2) Project 1 Project 2 Engineering Department (ED) Employee (E) ARH Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)

ARBAC97 model Example of can-assign and can-assignp Admin. Role Prereq. Condition Role Range PSO1 PSO1 PSO1 PSO2 PSO2 PSO2 DSO DSO DSO SSO SSO Can-assign ED E1 QE1 E1 PE1 ED E2 QE2 E2 PE2 ED PL2 ED PL1 ED E ED [E1, E1] [PE1, PE1] [QE1, QE1] [E2, E2] [PE2, PE2] [QE2, QE2] [PL1, PL1] [PL2, PL2] (ED, DIR) [ED,ED] (ED, DIR] Admin. Role Prereq. Condition Role Range DSO DSO PSO1 PSO1 PSO2 PSO2 Can-assignp DIR DIR PL1 QE1 PL1 PE1 PL2 QE2 PL2 PE2 [PL1, PL1] [PL2, PL2] [PE1, PE1] [QE1, QE1] [PE2, PE2] [QE2, QE2] Problems of URA97 Characteristics of user-role assignment Security officer SO1 can assign user U1 to role R2 when U1 is already member of prerequisite role R1 that is for SO1. Assigned users in R1 is restricted range (or boundary) to user-role assignment for SO1. (Assigned users in R1 is a user pool for SO1). R2 can be prerequisite role for other security officers. Admin. Role Prerequiste Condition Role Range R2 Can-assign SO1 R1 [R2,R2] R1 User pool

Problems of URA97 Characteristics of user-role assignment Consequently users should be assigned from lowest prerequisite role to higher prerequisite role in the role hierarchy From can-assign table, we can ratiocinate the first URA step is as follows : E1 E2 ED E : User pool Problems of URA97 URA97 brings about : UA1. Multi step assigns Suppose that new employed engineer John will be assigned to QE1 role. Assign step : assign John to E assign John to ED assign John to E1 assign John to QE1 The higher role hierarchy may requires the more assign step. It may lead to work of two or more security officers.

Problems of URA97 URA97 brings about : UA2. Duplicated UA information Suppose that Tom is a member of QE1 role. It means that Tom is a explicit member of E, ED, E1, and QE1. Removing tuple 1,2, and 3 makes no effect to Tom s access rights. They are need only for administrative purpose. QE1 Tom E1 Tom ED Tom E Tom UA table Role Assigned user E.. ED.. E1.. QE1 Tom.. Tom.. Tom.. Tom 1 2 3 4 Problems of URA97 URA97 brings about : UA3. Restricted composition of user pool Suppose the company in the example wants to maintain human resource pool H1, H2, and H3. And new policy requires that Production Engineer should be picked from H1 and Quality Engineer should be picked from H2. It is impossible to realize new policy without changing of Role Hierarchy.

Problems of URA97 URA97 brings about : UA3. Restricted composition of user pool (cont.) In the URA97 model, composing user pool is based on the prerequisite roles, and prerequisite roles are belongs to role hierarchy. Consequently composing user pool is restricted by role hierarchy. Sometimes real world needs more flexible user pool, and it brings about more complicated Role Hierarchy Problems of PRA97 Characteristics of permission-role assignment Permission-role assignment step is similar to delegation. The permissions of highest role on the role hierarchy spread down to lower roles by security officer. Security officer SO1 can assign permission P1 to role R1 when P1 is already member of prerequisite role R2 that is for SO1. Assigned permissions in R2 is restricted range (or boundary) to permission-role assignment for SO1. (Assigned permissions in R2 is a permission pool for SO1). R2 R1 permission pool Can-assign

Problems of PRA97 Characteristics of permission-role assignment From can-assignp table, we can obtain the first PRA steps as follows DIR PL1 PL2 PE1 QE1 PE2 QE2 : Permission pool Problems of PRA97 PRA97 brings about : PA1. Multi step assign PA2. Duplicated PA information PA3. Restricted composition of permission pool Similar to UA1, UA2, and UA3

Problems of PRA97 PRA97 brings about : PA4. No restriction for permission pool Suppose there exist can-assignp(so1, R2, [R1,R1]). Then SO1 can assign in R2 s any permissions to R1. There is no restriction. How to specify some of permissions are only for R2? cannot solve in PRA97 In PRA99 model, it can be solved by immobile membership concept. But it requires additional information about permission pool. R2 permission pool All can be assigned by SO1 R1 Problems of PRA97 PRA97 brings about : PA5. Lead to undesirable side effect PSO1 can move some permissions of PL1 to QL. But QL is out of range of PSO1. DIR Role Range Of PSO1 PE1 PL1 QE1 QL QE2 PL2 PE2 Role Range Of DSO illegal flow : A Permission

Solution : ARBAC02 Direction Choosing new base for user pool and permission pool (role hierarchy independent organization structure) RH user /permission pool RH user /permission pool Org. structure Organization unit is a good container for user pool and permission pool Organization unit : A group of people and functions (permissions) for achieving given missions. Solution : ARBAC02 Organization structure as a user pool Basic organization structure is predefined before access control Users are pre-assigned to basic organization structure. (by HR officer) Production Division (PRD) Engineering Department (ED) Purchasing Department (PD) Manufacturing Department (MD) Project 1 (PJ1) Project 2 (PJ2) Quality Control (QC) Stock Control (SC)

Solution : ARBAC02 Organization structure as a permission pool Permissions are pre-assigned to basic organization structure. (by IT officer) Project1 (PJ1) Project 2 (PJ2) Quality Control (QC) Stock Control (SC) Engineering Department (ED) Purchasing Department (PD) Manufacturing Department (MD) Production Division (PRD) Solution : ARBAC02 Users System Resources Assigned by human resource (HR) group Assigned by information technology (IT) group HR and IT Area Org. structure for user pool Org. structure for permission pool Assign user to role by security admin. group Assign permission to role by security admin. group Security admin. Area Role hierarchy

Solution : ARBAC02 Modification of prerequisite condition Suppose can-assign(pso1, E1 QE1, [PE1,PE1]) It can be redefined by org. unit : can-assign (PSO1, @PJ1 QE1, [PE1,PE1]) PSO1 can assign users, who are in org. unit PJ1 and not in role QE1, to PE1 To distinguish role and Org. unit name, we use @ in the front of Org. unit name Solution : ARBAC02 Modification of prerequisite condition Redefine of can-assign table Can-assign (ARBAC97) Admin. Role Prereq. Condition Role Range PSO1 PSO1 PSO1 PSO2 PSO2 PSO2 DSO DSO DSO SSO SSO ED E1 QE1 E1 PE1 ED E2 QE2 E2 PE2 ED PL2 ED PL1 ED E ED [E1, E1] [PE1, PE1] [QE1, QE1] [E2, E2] [PE2, PE2] [QE2, QE2] [PL1, PL1] [PL2, PL2] (ED, DIR) [ED,ED] (ED, DIR] Admin. RolePrereq. Condition Role Range PSO1 PSO1 PSO2 PSO2 DSO DSO DSO SSO Can-assign (ARBAC02) @PJ1 QE1 @PJ1 PE1 @PJ2 QE2 @PJ2 PE2 @ED PL2 @ED PL1 @ED @ED [PE1, PE1] [QE1, QE1] [PE2, PE2] [QE2, QE2] [PL1, PL1] [PL2, PL2] (ED, DIR) (ED, DIR]

Solution : ARBAC02 Proposed model solves problems UA1 and UA2 Avoid multi-step user assignment Avoid duplicated user assignment information QE1 Tom E1 Tom ED Tom E1 QE1 ED PJ1 Tom E Tom E (ARBAC97) (ARBAC02) Solution : ARBAC02 Proposed model solves problems UA3 Suppose the company in the example want to maintain human resource pool H1, H2, and H3. And new policy requires that Production Engineer should be picked from H1 and Quality Engineer should be picked from H2. In the proposed model, new org. Unit H1, H2, and H3 can be added to proper position of org. structure. Then change prerequisite condition such like : can-assign(pso1, PJ1 QE1, [PE1, PE1]) can-assign (PSO1, @H1, [PE1, PE1]) It requires no change of role hierarchy!

Solution : ARBAC02 Proposed model solves problems PA1~ PA4 Proposed model solves problems PA5 In the proposed model, common permissions are assigned to lower roles in the role hierarchy, and higher roles get their special permissions. (bottom-up) These bottom-up style permission-role assignment prevent undesirable side effect in PA5. DIR Role Range Of PSO1 PE1 PL1 QE1 QL QE2 PL2 PE2 Role Range Of DSO PSO1 cannot assign PL1 s any explicitly assigned permissions to QL Solution : ARBAC02 Role hierarchy Sessions Roles Permissions Users Constraints Permission Pool unit User Pool unit Administrative Roles Admin. Permissions OS-P OS-U Administrative Role hierarchy

Conclusion ARBAC02 overcomes shortcomings of ARBAC97 ARBAC02 supports flexible user pool and permission pool structure independent from role hierarchy. In the ARBAC97 model, user pool and permission pool are tightly coupled with role hierarchy. It leads to some problems. ARBAC02 supports bottom-up oriented permissionrole assignment PRA97 model follows top-down approach. It leads to un desirable side effect. Administration Scope For RRA Dynamic change of an admin range

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback