Role-Based Access Control (RBAC) is an area that has received increasing attention in recent years. By separating the assignment of rights and permissions to roles from the assignment of users to roles, the security structure can be kept essentially static even though users may change over time.
The role concept, however, is wider than what is reflected in RBAC. Further, we show how roles can be placed in a broader organizational perspective, and how roles viewed from this perspective relate to RBAC.
The concept of role has origins in the behavioral sciences and has
long been used in enterprise modelling [Bid79]. Considering
this background, Sloman defines a manager role as a set of
authorization and obligation policies for which a particular
manager position is the subject [Slo94]. A manager
position is defined as a particular position within an
organization
. Further, Sloman mentions four important facets
associated with a position within an organization, namely
authority, responsibility, functions, and
interactions. Focusing on organizational policies, Sloman sees
roles mainly as a tool for disseminating policies within an
organization. This is also the approach taken by Marriott and by Lupu,
Marriott, Sloman, and Yialelis [Mar93,LMSY95].
Sandhu, Coyne, Feinstein, and Youman adopt a similar view when they stress the importance of distinguishing roles as policy from the mechanisms used to implement them in an access-control system [SCFY94]. In the article, the authors derive a taxonomy of security models into which roles, and RBAC, are categorized as computer policy models. In [SCFY96] the same authors propose a family of reference models for RBAC. The base model is composed of users, roles, permissions and sessions. To this model is added assignments of permissions to roles and users to roles. In an extended model the authors also include role hierarchies and constraints.
A common operational approach, exemplified by Nyanchama and Osborn, is to define roles simply as named collections of privileges, whose specification may be subjected to any type of security policies [NO93a,NO93b]. Another approach is given by Demurjian, Hu, Ting, and Kleinman who propose a three-level, user-role definition hierarchy consisting of user classes, user types, and finally user roles [DHTK93]. A modified version of this model has been adopted by Mohammed and Dilts [MD94].
In the literature there is broad consensus about the administrative merits of RBAC. To us, one of the important benefits of RBAC is that it is possible to define a static security structure that is independent of individual users. By isolating the invariant parts, administration is reduced to a minimum. These advantages have led many authors to advocate RBAC in preference of traditional security approaches such as mandatory and discretionary access control (MAC and DAC) [CS92,DHTK93,SCFY94,SF94,MD94]. Sandhu and colleagues suggest that RBAC in a sense is policy neutral, as most other approaches, such as MAC and DAC, can be realized using RBAC [SCFY96].
As we have seen, there are many approaches to defining what constitutes a role. Not many authors place roles in a broader context or reflect on aspects beyond access control in their role definitions. We believe it is important to view RBAC, or any security approach, not only as an administrative tool or a purely technical issue of implementation, but also as one of several components in an overall effort towards good computer security. Even though technically advanced, any security scheme will lose its effectiveness if there do not exist well-defined security goals, and security policies derived from these goals, within the organization. It is also necessary that these policies are understood and endorsed by all those concerned. One goal in this chapter is to expand the role concept and place it in a wider perspective. In doing so we also want to make the distinction between the definition of roles and their uses clearer.
In the following we adopt the following, very basic, definition
(Role). A role is a position or job function within anFrom this definition it can be seen that, in order to completely describe a role, it is necessary to describe both the role function as well as its place in an overall structure.
organizational structure.