It defines a set of basic RBAC elements, i.e. user


types
–  Mutually exclusive roles (U → R and R → P)
   •  User to only one role in set, permission to only one role
   •  Implication – users with different roles have no shared permissions
–  Cardinality – maximum number of users assigned to a role, maximum number of roles permitted a user, maximum number of permissions to a role
–  Prerequisite – can assign role only if already assigned prerequisite role
   •  Idea is to support least privilege… if role R1 inherits from R2 and R3, then if only R2 or R3 rights are needed, those roles can be used
•  Remember, no hierarchies in RBAC2

RBAC3 – Consolidated Model

NIST RBAC Standard

Two Main Parts
- RBAC Reference Models
- Requirement Specification

Four Components
- Core RBAC
- Hierarchical RBAC
  - Limited Hierarchies
  - General Hierarchies
- Static Separation of Duty Relations
  - Without Hierarchies
  - With Hierarchies
- Dynamic Separation of Duty Relations

RBAC Reference Model
•  The standard begins with an RBAC Reference Model defining a collection of model components.
•  It defines a set of basic RBAC elements (i.e. user, roles, permissions, operations, and objects) and relations as types and functions that are included in this standard.
•  It serves two purposes:
   –  It rigorously defines the scope of RBAC features that are included in the standard.
      •  This covers the core set of features to be encompassed in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations.
   –  It provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specificati...
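The RBAC2 constraint types listed above (mutually exclusive roles, cardinality, prerequisite), checked at user-to-role assignment time. This is an added example, not part of the original slides: the `RBAC2` class, the role names and the limits are hypothetical, and only the user-assignment side (U → R) is covered.

```python
from dataclasses import dataclass, field


@dataclass
class RBAC2:
    exclusive_sets: list = field(default_factory=list)  # sets of mutually exclusive roles
    max_users: dict = field(default_factory=dict)       # role -> max users assigned
    max_roles_per_user: int = 3                         # max roles permitted a user
    prerequisites: dict = field(default_factory=dict)   # role -> prerequisite role
    ua: dict = field(default_factory=dict)              # user -> set of assigned roles

    def assign(self, user, role):
        """Assign role to user; return "ok" or the constraint that denied it."""
        held = self.ua.get(user, set())
        if role in held:
            return "ok"  # already assigned, nothing to check
        # Mutual exclusion: at most one role from each exclusive set per user.
        for group in self.exclusive_sets:
            if role in group and held & group:
                return f"denied: mutually exclusive with {sorted(held & group)[0]}"
        # Cardinality: cap on roles per user, then on users per role.
        if len(held) >= self.max_roles_per_user:
            return "denied: user role limit reached"
        members = sum(role in roles for roles in self.ua.values())
        if members >= self.max_users.get(role, float("inf")):
            return "denied: role membership limit reached"
        # Prerequisite: the required role must already be assigned.
        needed = self.prerequisites.get(role)
        if needed and needed not in held:
            return f"denied: prerequisite {needed} not held"
        self.ua.setdefault(user, set()).add(role)
        return "ok"


def demo():
    """Run constructed assignment attempts and return each outcome."""
    rbac = RBAC2(exclusive_sets=[{"purchaser", "approver"}],
                 max_users={"auditor": 1},
                 prerequisites={"approver": "employee"})
    attempts = [("alice", "employee"), ("alice", "approver"),
                ("alice", "purchaser"), ("bob", "approver"),
                ("bob", "auditor"), ("carol", "auditor")]
    return [(user, role, rbac.assign(user, role)) for user, role in attempts]


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

A denied assignment leaves the user's role set unchanged, so a failed attempt cannot be used to satisfy a later prerequisite check.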