Exploring User-to-Role Delegation in Role-Based Access Control

摘要

Enterprises must have business security solutions that provide detection and enforcement at every point of network access. Role-based access control (RBAC) formulates that access decisions are based on the roles that individual users have as members of a system. In RBAC, there are role hierarchies in which a senior role inherits the permissions of a junior role. In order to allow a junior role to perform one or more tasks of a senior role, various delegation models have been proposed in the literature. This paper presents a new role-based delegation model called user-to-role delegation model (URDM), which supports multiple delegation, role hierarchy, and single-step delegation. Four situations are analyzed when URDM runs a multiple delegation process. A Web-based system called university delegation management system (UDMS) is designed and implemented to verify the core functionality of URDM within the first situation.