A Role-based Delegation Model Using Role Hierarchy supporting Restricted Permission Inheritance

摘要

Role-Based Access Control(RBAC) is known as a proper model for enterprise environments with various organization structures. According to existing RBAC researches, senior role inherits all permissions of junior roles in the role hierarchy and user who is a member of senior role can carry out the inherited permissions as well as their own ones. But there is a possibility for senior role members to abuse permissions. Since senior role members need not have all the authority of junior roles in the real world, enterprise environments require a restricted inheritance rather than a unconditional or blocked inheritance. In this paper, we propose a new role hierarchy model which provides a restricted inheritance functionality. By dividing a single role hierarchy into inter-related role hierarchies, security administrator can easily control permission inheritance behavior. Also, we describe how role-based user-to-user, role-to-role delegation are accomplished in the proposed model.