Abstract
Due to the correspondence between the role abstraction
in Role-based Access Control (RBAC) and the notion
of organizational positions, it seems easy to construct
role hierarchies. This is, however, a misconception.
This paper argues that, in order to reflect the functional
requirements, a role hierarchy becomes very complex.
In a bid to simplify the design of role hierarchies suitable
for the expression of access control requirements
in workflow systems, the paper proposes a “typed” role
hierarchy. In a “typed” role hierarchy a role is of a specific
type. The associations between different types of
roles are limited by rules that govern the construction
of a role hierarchy. This paper proposes a methodology
to systematically construct a “typed” role hierarchy.
Since the “typed” nature of the role hierarchy is
only relevant during the construction of the role hierarchy,
it can seamlessly be integrated into existing RBAC
schemes that support the concept of role hierarchies.
Eloff, J.H.P., Prof.