RBAC standard


The ANSI/INCITS RBAC standard includes the definition of the RBAC Reference Model and the RBAC System and Administrative Functional Specification.

The RBAC Reference Model consists of four model components: the core RBAC model, the hierarchical RBAC model, RBAC with Static Separation of Duty, and RBAC with Dynamic Separation of Duty [1]. The RBAC models with Separation of Duty are also called Constrained RBAC. The core RBAC includes the following entities:
  • USERS, ROLES, OPS, and OBS are the sets of users, roles, operations and objects, respectively.

  • UA ⊆ USERS × ROLES is a many-to-many mapping from USERS to ROLES.

  • Assigned_users: (r:ROLES) → 2^USERS, is the mapping of role r onto a set of users. Formally: assigned_users(r) = {u ∈ USERS | (u, r) ∈ UA}

  • PRMS = 2^(OBS × OPS) is the set of permissions.

  • PA ⊆ PRMS × ROLES is a many-to-many mapping from PERMISSIONS to ROLES.

  • Assigned_permissions(r:ROLES) → 2^PRMS, is the mapping of role r onto a set of permissions. Formally: assigned...
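
The core RBAC relations listed above, modelled with Python sets as an added example (not code from the standard). All user, role, operation and object names are constructed sample data, violations() is a hypothetical helper, and assigned_permissions() is assumed to mirror assigned_users() over PA.

```python
from itertools import product

# Constructed sample sets (illustrative only, not from the standard).
USERS = {"alice", "bob"}
ROLES = {"teller", "auditor"}
OPS = {"read", "write"}
OBS = {"ledger", "audit_log"}
PAIRS = set(product(OBS, OPS))  # OBS × OPS


def perm(*pairs):
    """A permission is one element of 2^(OBS × OPS): a set of (object, operation) pairs."""
    return frozenset(pairs)


READ_LEDGER = perm(("ledger", "read"))
POST_ENTRY = perm(("ledger", "read"), ("ledger", "write"))
READ_AUDIT = perm(("audit_log", "read"))

# UA: user-to-role assignment, PA: permission-to-role assignment.
UA = {("alice", "teller"), ("bob", "teller"), ("bob", "auditor")}
PA = {(POST_ENTRY, "teller"), (READ_LEDGER, "auditor"), (READ_AUDIT, "auditor")}


def violations(ua, pa):
    """Return the tuples that break UA ⊆ USERS × ROLES or PA ⊆ PRMS × ROLES.

    Typical causes: a removed user still present in UA, or a permission
    that names an object or operation the system does not define.
    """
    bad = [("UA", u, r) for u, r in ua if u not in USERS or r not in ROLES]
    bad += [("PA", p, r) for p, r in pa if not p <= PAIRS or r not in ROLES]
    return bad


def assigned_users(r, ua=UA):
    """assigned_users(r) = {u ∈ USERS | (u, r) ∈ UA}"""
    return {u for u in USERS if (u, r) in ua}


def assigned_permissions(r, pa=PA):
    """Assumed counterpart over PA: permissions p ∈ PRMS with (p, r) ∈ PA."""
    return {p for p, role in pa if role == r and p <= PAIRS}
```

Because assigned_users() quantifies over USERS, a stale UA entry for an undefined user never grants anything, but violations() still reports it so the dangling assignment can be cleaned up.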

