Role-based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation

In role-based access control (RBAC), permissions are associated with roles, and users are made members of appropriate roles, thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, providing further administrative convenience. In this paper we investigate one aspect of RBAC administration: the assignment of users to roles. We define a role-based administrative model for this purpose, called URA97 (User-Role Assignment ’97), and describe its implementation in the Oracle database management system. Although our model is quite different from the one built into Oracle, we demonstrate how to use Oracle stored procedures to implement it.
