Role Activation Management in Role Based Access Control

  • Richard W. C. Lui
  • Sherman S. M. Chow
  • Lucas C. K. Hui
  • S. M. Yiu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


Role Based Access Control (RBAC) [6] is a popular approach to specify and enforce security policies in organizations. In RBAC, users are not directly assigned permission but with the use of roles as the intermediary. Role activation is one important component in RBAC. A user may activate a subset of his/her assigned roles to exercise the associated permission. This paper proposes a number of ways in which the role activation constraints can be specified and enforced in the enterprise environment. Also, an access control model and an authorization process are proposed to support the specification and enforcement of dynamic separation of duty constraints in a decentralized manner.


Role Based Access Control Security Management Role Activation Dynamic Separation of Duty 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bhamidipat, V., Sandhu, R.: Push architectures for user-role assignment. In: National Information Systems Security Conference (2000)Google Scholar
  2. 2.
    Bhatti, R., Joshi, J., Bertino, E., Ghafoor, A.: X-GTRBAC admin: a decentralized administration model for enterprise wide access control. In: SACMAT 2004: Proceedings of the ninth ACM symposium on Access control models and technologies, pp. 78–86. ACM Press, New York (2004)CrossRefGoogle Scholar
  3. 3.
    Dunlop, N., Indulska, J., Raymond, K.: Dynamic policy model for large evolving enterprises. In: EDOC, p. 193 (2001)Google Scholar
  4. 4.
    Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3), 666–682 (2001)CrossRefGoogle Scholar
  5. 5.
    Ferraiolo, D.F., Barklery, J.F., Richard Kuhn, D.: A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security 2(1), 34–64 (1999)CrossRefGoogle Scholar
  6. 6.
    Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-based access control. Artech House, Boston (2003)zbMATHGoogle Scholar
  7. 7.
    Hine, J.H., Yao, W., Bacon, J., Moody, K.: An architecture for distributed oasis services. In: Coulson, G., Sventek, J. (eds.) Middleware 2000. LNCS, vol. 1795, pp. 104–120. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Oh, S., Sandhu, R.: A model for role administration using organization structure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002), Monterey, Calif., June 3-4, pp. 155–162. ACM, New York (2002)CrossRefGoogle Scholar
  9. 9.
    Park, J.S., Sandhu, R.S., Ghanta, S.: Rbac on the web by secure cookies. In: DBSec, pp. 49–62 (1999)Google Scholar
  10. 10.
    Perwaiz, N.: Structured management of role-permission relationships. In: ACM Workshop on Role Based Access Control archive Proceedings of the sixth ACM symposium on Access control models and technologies, Chantilly, Virginia, United States, pp. 163–169 (2001)Google Scholar
  11. 11.
    Sandhu, R., Chandramouli, R.: Role based access control features in commercial database management systems. In: 21st National Information Systems Security Conference, Crystal City, Virginia, October 6-9 (1998)Google Scholar
  12. 12.
    Sandhu, D.F.R., Kuhn, R.: The nist model for role-based access control: Towards a unified standard. In: ACM Workshop on Role-Based Access Control (2000)Google Scholar
  13. 13.
    Sandhu, R.: Transaction control expressions for separation of duties. In: Proc. of the Fourth Computer Security Applications Conference, pp. 282–286 (1998)Google Scholar
  14. 14.
    Sandhu, R.: Role activation hierarchies. In: Symposium on Access Control Models and Technologies archive Proceedings of the third ACM workshop on Role-based access control, Fairfax, Virginia, United States, pp. 33–40 (1998) ISBN:1-58113-113-5Google Scholar
  15. 15.
    Sandhu, R.S., Munawer, Q.: The ARBAC 1999 model for administration of roles. In: Annual Computer Security Applicarions Conference, p. 229 (1999)Google Scholar
  16. 16.
    Simon, R.T., Zurko, M.E.: Separation of duty in role-based environments. In: IEEE Computer Security Foundations Workshop, pp. 183–194 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Richard W. C. Lui
    • 1
  • Sherman S. M. Chow
    • 1
  • Lucas C. K. Hui
    • 1
  • S. M. Yiu
    • 1
  1. 1.Department of Computer ScienceThe University of Hong KongHong Kong

Personalised recommendations