1 / 16

Role Activation Hierarchies

Role Activation Hierarchies. Ravi Sandhu George Mason University. RBAC96. ROLE HIERARCHIES. USER-ROLE ASSIGNMENT. PERMISSION-ROLE ASSIGNMENT. USERS. ROLES. PERMISSIONS. SESSIONS. CONSTRAINTS. ROLE HIERARCHIES. Inheritance hierarchies permission inheritance user inheritance

ginger
Download Presentation

Role Activation Hierarchies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Role Activation Hierarchies Ravi Sandhu George Mason University

  2. ... RBAC96 ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSION-ROLE ASSIGNMENT USERS ROLES PERMISSIONS SESSIONS CONSTRAINTS

  3. ROLE HIERARCHIES • Inheritance hierarchies • permission inheritance • user inheritance • Activation hierarchies • role membership versus role activation

  4. EXAMPLE ROLE HIERARCHYINTERPRETATIONS Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) Engineering Department (ED) PROJECT 1 PROJECT 2 Employee (E)

  5. ALTERNATIVES • separate inheritance and activation hierarchies • this paper • single inheritance and activation hierarchy • most common approach, including RBAC96 • activation hierarchy only, no inheritance • alternative identified in NIST RBAC model • inheritance hierarchy only, no activation hierarchy • does not seem to be useful

  6. + - H M1 M2 - + L LBAC: LIBERAL *-PROPERTY Read Write

  7. HR LW M1R M2R LR HW LBAC: LIBERAL *-PROPERTY DUAL ROLE SIMULATION + M1W M2W - Read Write

  8. H M1 M2 L LBAC: STRICT *-PROPERTY + - Read Write

  9. HR M1R M2R LR LBAC: STRICT *-PROPERTY DUAL ROLE SIMULATION M1W LW HW M2W

  10. HR M1R M2R LR LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES

  11. HR M1R M1W M2R M2W LR LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES HW LW

  12. HR M1R M1W M2R M2W LR LBAC: STRICT *-PROPERTY SIMULATION BY PRIVATE ROLES HW LW

  13. DYNAMIC SEPARATION OF DUTIES • Roles in dynamic SOD • cannot have common seniors in role inheritance hierarchy, but • can have common seniors in role activation hierarchy

  14. EXAMPLE ROLE HIERARCHYINTERPRETATIONS Director (DIR) Project Lead 1 (PL1) Project Lead 2 (PL2) Production 1 (P1) Quality 1 (Q1) Production 2 (P2) Quality 2 (Q2) Engineer 1 (E1) Engineer 2 (E2) Engineering Department (ED) PROJECT 1 PROJECT 2 Employee (E)

  15. A A B B C C D D E E ACTIVATION HIERARCHIES

  16. CONCLUSION • separate inheritance and activation hierarchies • this paper • single inheritance and activation hierarchy • most common approach, including RBAC96 • activation hierarchy only, no inheritance • alternative identified in NIST RBAC model • inheritance hierarchy only, no activation hierarchy • does not seem to be useful

More Related