Attribute Based Administration of Role Based Access Control : A Detailed Description

Abstract

Administrative Role Based Access Control (ARBAC) models deal with how to manage user-role assignments (URA), permission-role assignments (PRA), and role-role assignments (RRA). A wide variety of approaches has been proposed in the literature for URA, PRA, and RRA. In this paper, we propose attribute-based administrative models that unify many prior approaches for URA and PRA. The motivating factor is that attributes of various RBAC entities such as admin users, regular users and permissions can be used to administer URA and PRA in a highly flexible manner. We develop an attribute-based URA model called AURA and an attribute-based PRA model called ARPA. We demonstrate that AURA and ARPA can express and unify many prior URA and PRA models.