17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Engineering of Role/Permission Assignments

Pete Epstein

Ravi Sandhu
George Mason University

In this paper, we develop a model for engineering role-permission assignment. Our model builds upon the well-known RBAC96 model [SCFY96]. Assigning permissions to roles is considered too complex an activity to accomplish directly. Instead, we advocate breaking this process down into a number of steps. Specifically, we introduce the concepts of Jobs, Work-patterns, and Tasks to break role-permission assignment down into a series of smaller steps. We describe methodologies for using this model in two different ways. In a top-down approach, roles are decomposed into permissions, whereas in a bottom-up approach, permissions are aggregated into roles.

