Administration Model for RBAC
The central ideal of administration model for RBAC is to use the role itself to manage roles. There are two well-known families of administration RBAC models.
The Administrative RBAC family of models known as ARBAC97  introduces administrative roles that are used to manage the regular roles. These roles can form a role hierarchy and may have constraints. ARBAC97 consists of three administrative models, the user-role assignment (URA97) model, the permission-role assignment (PRA97) model, and the role-role administration (RRA97) model. URA97 defines which administrative roles can assign which users to which regular roles by means of the relation: can_assign. Similarly, PRA97 defines which administrative roles can assign which permissions to which regular roles by means of the relation: can_assignp. Each of these relations also has a counterpart for revoking the assignment (e.g., can_revoke). RRA97 defines which administrative...
- 2.Oh S, Sandhu R. A model for role administration using organization structure. In: Proceedings of the 7th ACM Symposium on Access Control Models and Technologies; 2002. p. 155–62.Google Scholar
- 4.Sandhu R, Munawer Q. The ARBAC99 model for administration of roles (1999). In: Proceedings of the 15th Computer Security Applications Conference; 1999. p. 229.Google Scholar
- 5.Zhang Y, James B, Joshi D. SARBAC07: scoped administration model for RBAC with hybrid hierarchy. In: Proceedings of the 3rd International Symposium on Information Assurance and Security; 2007, p. 149–54.Google Scholar
- 6.Zhang Y, Joshi JBD. ARBAC07: a role based administration model for RBAC with hybrid hierarchy. In: Proceedings of the IEEE International Conference Information Reuse and Integration; 2007, p. 196–202.Google Scholar