Role-based access control (RBAC) has recently received a lot of attention due to its flexibility, expressive power and simplicity in administration. In RBAC, permissions are associated with roles, and users are made members of roles, thereby acquiring the associated permissions. Centralized management of RBAC in large systems is a tedious and costly task. An appealing possibility is to use RBAC itself to facilitate decentralized administration of RBAC. The recently proposed ARBAC97 (administrative RBAC '97) model identifies components called URA97, PRA97 and RRA97 for administration of user-role, permission-role and role-role assignments, respectively. URA97 and PRA97 have already been described in detail in the literature, whereas RRA97 has so far not been defined.
The central contribution of this paper is to give a complete and formal definition of RRA97, thereby completing the ARBAC97 model. The effect of role-role assignment is to construct a role hierarchy (that is, a partial order) in which senior roles inherit permissions from junior roles. Modifications to the role hierarchy can have a drastic impact on the effective distribution of permissions to roles. At the same time, we would like to decentralize this aspect of RBAC administration so that, for example, project security officers can rearrange roles within a project without impacting other role relationships within the department in which the project exists. RRA97 shows how this goal can be achieved.
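As an added illustration (not code from the paper, and not the RRA97 definition itself), the following Python sketch models a role hierarchy as a partial order with permission inheritance and reports which roles outside a project see their effective permissions change after an edit. The role names, permission names and the `impact_outside` helper are hypothetical, and the sample hierarchy is constructed.

```python
class RoleHierarchy:
    """Role hierarchy as (senior, junior) edges; seniors inherit juniors' permissions."""

    def __init__(self, edges, direct_perms):
        self.edges = set(edges)
        self.direct = {role: set(perms) for role, perms in direct_perms.items()}

    def roles(self):
        return set(self.direct) | {r for edge in self.edges for r in edge}

    def juniors(self, role):
        """Return `role` plus every role reachable downward from it."""
        seen, stack = set(), [role]
        while stack:
            current = stack.pop()
            if current not in seen:
                seen.add(current)
                stack.extend(j for s, j in self.edges if s == current)
        return seen

    def effective(self, role):
        """Direct permissions of `role` plus those inherited from its juniors."""
        return set().union(*(self.direct.get(r, set()) for r in self.juniors(role)))

    def with_edge(self, senior, junior):
        """Return a new hierarchy with senior > junior added; reject cycles."""
        if senior in self.juniors(junior):
            raise ValueError("edge would create a cycle; hierarchy must stay a partial order")
        return RoleHierarchy(self.edges | {(senior, junior)}, self.direct)


def impact_outside(before, after, scope):
    """Map each role outside `scope` to the permissions it gained or lost."""
    changed = {}
    for role in (before.roles() | after.roles()) - set(scope):
        delta = before.effective(role) ^ after.effective(role)
        if delta:
            changed[role] = delta
    return changed


# Constructed sample data: one department, a project ("proj_*") and a sibling team.
BASE = RoleHierarchy(
    edges=[("director", "proj_lead"), ("director", "other_lead"),
           ("proj_lead", "proj_eng"), ("proj_lead", "proj_qa"),
           ("proj_eng", "employee"), ("proj_qa", "employee"), ("other_lead", "employee")],
    direct_perms={"employee": {"read_wiki"}, "proj_eng": {"commit_code"},
                  "proj_qa": {"sign_release"}, "proj_lead": {"approve_budget"},
                  "other_lead": {"approve_other"}, "director": {"hire"}},
)
PROJECT = {"proj_lead", "proj_eng", "proj_qa"}

if __name__ == "__main__":
    print(impact_outside(BASE, BASE.with_edge("proj_qa", "proj_eng"), PROJECT))
    print(impact_outside(BASE, BASE.with_edge("other_lead", "proj_eng"), PROJECT))
```

The first edit rearranges roles inside the project and changes nothing outside it; the second makes a role outside the project senior to a project role, and the check reports that the outside role now inherits `commit_code`.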