Db1 a role can be assigned to one or more prms

1. Core RBAC.

• USERS, ROLES, OPS, and OBS (users, roles, operations, and objects, respectively).
• UA ⊆ USERS × ROLES, a many-to-many mapping user-to-role assignment relation.
• assigned_users(r: ROLES) → 2^USERS, the mapping of role r onto a set of users. Formally: assigned_users(r) = {u ∈ USERS | (u, r) ∈ UA}.
• PRMS = 2^(OPS × OBS), the set of permissions.
• PA ⊆ PRMS × ROLES, a many-to-many mapping permission-to-role assignment relation.
• assigned_permissions(r: ROLES) → 2^PRMS, the mapping of role r onto a set of permissions. Formally: assigned_permissions(r) = {p ∈ PRMS | (p, r) ∈ PA}.
• Op(p: PRMS) → {op ⊆ OPS}, the permission-to-operation mapping, which gives the set of operations associated with permission p.
• Ob(p: PRMS) → {ob ⊆ OBS}, the permission-to-object mapping, which gives the set of objects associated with permission p.
• SESSIONS, the set of sessions.
• user_sessions(u: USERS) → 2^SESSIONS, the mapping of user u onto a set of sessions.
• session_roles(s: SESSIONS) → 2^ROLES, the mapping of session s onto a set of roles. Formally: session_roles(st) ⊆ {r ∈ ROLES | (session_users(st), r) ∈ UA}.
• Role hierarchies can be defined as inheritance relationships between roles.

USERS
• Process
• Person
• Intelligent Agent

ROLES
An organizational job function with a clear definition of inherent responsibility and authority (permissions).
• Developer
• Budget Manager
• Help Desk Representative
• Director
Relation between USERS & PRMS.

OPERATIONS
An execution of a program-specific function that is invoked by a user.
• Database – Update, Insert, Append, Delete
• Locks – Open, Close
• Reports – Create, View, Print
• Applications – Read, Write, Execute, SQL

OBJECTS
An entity that contains or receives information, or has exhaustible system resources.
• OS Files or Directories
• DB Columns, Rows, Tables, or Views
• Printer
• Disk Space
• ...
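The Core RBAC sets and mappings defined above, written out as an added example that is not part of the original slides. The users, roles, operations and objects are constructed sample data, each permission is simplified to a single (operation, object) pair, and `Session`, `check_access` and `validate` are hypothetical names chosen for illustration.

```python
# Constructed sample data; every name here is an illustrative assumption.
USERS = {"alice", "bob"}
ROLES = {"developer", "help_desk"}
OPS = {"read", "write"}
OBS = {"tickets", "source"}

# UA ⊆ USERS × ROLES (many-to-many user-to-role assignment)
UA = {("alice", "developer"), ("alice", "help_desk"), ("bob", "help_desk")}
# PA ⊆ PRMS × ROLES; a permission is modelled as one (op, ob) pair
PA = {(("read", "source"), "developer"), (("write", "source"), "developer"),
      (("read", "tickets"), "help_desk"), (("write", "tickets"), "help_desk")}

def validate():
    """Check that UA and PA only reference known users, roles, ops and objects."""
    ua_ok = all(u in USERS and r in ROLES for u, r in UA)
    pa_ok = all(op in OPS and ob in OBS and r in ROLES for (op, ob), r in PA)
    return ua_ok and pa_ok

def assigned_users(r):
    """assigned_users(r) = {u ∈ USERS | (u, r) ∈ UA}"""
    return {u for u in USERS if (u, r) in UA}

def assigned_permissions(r):
    """assigned_permissions(r) = {p ∈ PRMS | (p, r) ∈ PA}"""
    return {p for (p, role) in PA if role == r}

class Session:
    """One user's session with an activated subset of that user's roles."""
    def __init__(self, user, roles):
        roles = set(roles)
        # Enforce session_roles(s) ⊆ {r ∈ ROLES | (session_users(s), r) ∈ UA}
        unassigned = {r for r in roles if (user, r) not in UA}
        if unassigned:
            raise PermissionError(f"{user} is not assigned {sorted(unassigned)}")
        self.user, self.roles = user, roles

def check_access(session, op, ob):
    """Allow (op, ob) only if a role active in this session holds it."""
    return any((op, ob) in assigned_permissions(r) for r in session.roles)
```

Access is decided from the roles active in the session, not from everything in UA, so a user who is assigned a role but has not activated it gets no permissions from it.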
