Journal of Information Science and Engineering, Vol.17 No.6, pp.921-944 (November 2001)

An Improved Administration Method on Role-Based
Access Control in the Enterprise Environment

Sejong Oh and Seog Park *
Department of Computer Science
Sogang University
Seoul 121-742, Korea
E-mail: {sejong, spark}

Access control is a difficult security issue for enterprise organizations. The role-based access control (RBAC) model is well known and recognized as a good security model for the enterprise environment. Though RBAC is a good model, administration of RBAC, including building and maintaining access control information, remains a difficult problem in large companies. The RBAC model itself does not provide a solution. Little research has been done on practical ways to find, from the real world, the information that fills RBAC components such as role, role hierarchy, permission-role assignment, user-role assignment, and so on. In this paper we suggest the possibility of model-based administration of RBAC in an enterprise environment. Model-based administration methods allow a security administrator to manage access control through a GUI that supports a graphical enterprise model. If the security administrator creates or changes some of the components of the graphical enterprise model, the change is translated to RBAC schema information by the administration tool. We focus on a practical way of deriving access control information from the real world, which is a core of model-based administration. Here we show the derivation method and implementation experiences.

Keywords: RBAC, access control, security, enterprise environment, business model

Received January 30, 2001; accepted July 10, 2001.
Communicated by Chi Sung Laih.