Role-Based Access Control
RBAC; Role based security
Access control is a security service responsible for defining which subjects can perform what type of operations on which objects. A subject is typically an active entity such as a user or a process, and an object is an entity, such as a file, database table or a field, on which the subject can perform some authorized operations. A permission indicates the mode of operation on a particular object.
Role-based access control (RBAC) involves controlling access to computer resources and information by (i) defining users, roles, and permissions, and (ii) assigning users and permissions to roles. A user can create a session in which he/she can activate a subset of the roles he/she has been assigned to and use the permissions associated with the activated roles. The RBAC approach is based on the understanding that a user's access needs are defined by the roles that he/she plays within his/her organization. In general, a role is considered as a group...
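The relations described above (user-to-role assignment, permission-to-role assignment, and sessions that activate a subset of assigned roles) can be sketched as follows. This is an added example, not part of the original entry; the class and method names, users, roles, and objects are all illustrative assumptions.

```python
class RBAC:
    """Holds the two assignment relations: users to roles, permissions to roles."""

    def __init__(self):
        self.user_roles = {}   # user -> set of assigned roles
        self.role_perms = {}   # role -> set of (operation, object) permissions

    def assign_user(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role, operation, obj):
        self.role_perms.setdefault(role, set()).add((operation, obj))

    def create_session(self, user, roles):
        """Open a session activating a subset of the user's assigned roles."""
        requested = set(roles)
        unassigned = requested - self.user_roles.get(user, set())
        if unassigned:
            # A user may only activate roles he/she has been assigned to.
            raise PermissionError(f"{user} is not assigned to {sorted(unassigned)}")
        return Session(self, user, requested)


class Session:
    def __init__(self, rbac, user, active_roles):
        self.rbac = rbac
        self.user = user
        self.active_roles = set(active_roles)

    def check_access(self, operation, obj):
        """Allow only if some *activated* role carries the permission."""
        return any((operation, obj) in self.rbac.role_perms.get(role, set())
                   for role in self.active_roles)

    def drop_role(self, role):
        self.active_roles.discard(role)


def build_example():
    # Constructed sample policy: alice holds two roles with disjoint permissions.
    rbac = RBAC()
    rbac.assign_user("alice", "teller")
    rbac.assign_user("alice", "auditor")
    rbac.assign_user("bob", "teller")
    rbac.grant("teller", "update", "accounts")
    rbac.grant("auditor", "read", "audit_log")
    return rbac
```

A session that activates only `teller` cannot read `audit_log` even though the same user is also assigned `auditor`: permissions follow the activated roles, not the full assignment.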