The application of this model is apparent in commercial data management systems and it is widely used due to the papers written by Baldwin describing a database system using role …
Therefore, the role-based access control model is used to name and describe a many-to-many relation between individuals and their allocated privileges.
Three primary rules are used to define role-based access control:
1) Role assignment: A subject can manipulate system objects only if the subject has selected or been assigned a role. User authentication (i.e., login) is not considered part of manipulating a system object.
2) Role authorization: A subject's active role must be authorized for the subject. Together with rule 1, this ensures that users can take on only roles for which they are authorized.
3) Transaction authorization: A subject can execute a transaction only if the transaction is authorized for the subject's active role. Together with rules 1 and 2, this ensures that the subject can exercise only transactions for which it is authorized. This rule also allows for further restrictions; for example, an intern in a hospital setting could be given the role of doctor but with limited rights, so as not to be able to write …
That is, given a set of transactions, no single individual could execute the whole set. An example is initiating a payment and authorizing that payment: the authorization of the payment is done by one specific user, and the initiation of the payment is done by another user. This eliminates fraud, which is the principal objective of separation of duties. Separation of duties can be static or dynamic. An example of static separation is an individual who has the authorization and privileges to initiate a payment but not the authorization to make a payment. This security measure might be too expensive for the organization, which could instead opt for dynamic separation of duties, whereby the same individual has the privileges to execute a complete set of transactions. An example of dynamic separation of duties is an individual who is able to both initiate a payment and make a payment. That individual does not have the authority to initiate a payment and make a payment on the same transaction, but does have the authority to initiate and make payments on different transactions. The static policy could be implemented by checking only roles of users; for the dynamic case, the system must use both role and user ID in checking access to
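The difference between the two policies can be seen in a small access-check sketch. This is an added example, not code from the original essay; the role names, transaction names, the `Rbac` class and the payment IDs are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed role -> transaction table for the payment example (assumed names).
ROLE_TRANSACTIONS = {
    "payment_initiator": {"initiate_payment"},
    "payment_approver": {"authorize_payment"},
}
# Pairs of roles that conflict under separation of duties.
CONFLICTING = {frozenset({"payment_initiator", "payment_approver"})}


class AccessDenied(Exception):
    pass


@dataclass
class Rbac:
    dynamic: bool  # False = static separation of duties, True = dynamic
    user_roles: dict = field(default_factory=dict)  # user -> authorized roles
    history: dict = field(default_factory=dict)     # payment_id -> {transaction: user}

    def assign(self, user, role):
        roles = self.user_roles.setdefault(user, set())
        # Static policy: decided from roles alone, when the role is granted.
        if not self.dynamic and any(frozenset({role, r}) in CONFLICTING for r in roles):
            raise AccessDenied(f"{user} may not hold {role} with {sorted(roles)}")
        roles.add(role)

    def execute(self, user, active_role, transaction, payment_id):
        # Rules 1 and 2: the subject needs an active role it is authorized for.
        if active_role not in self.user_roles.get(user, set()):
            raise AccessDenied(f"{active_role} is not authorized for {user}")
        # Rule 3: the transaction must be authorized for the active role.
        if transaction not in ROLE_TRANSACTIONS.get(active_role, set()):
            raise AccessDenied(f"{active_role} may not {transaction}")
        done = self.history.setdefault(payment_id, {})
        # Dynamic policy: role AND user ID are checked against this payment.
        if self.dynamic and any(u == user and t != transaction for t, u in done.items()):
            raise AccessDenied(f"{user} already acted on payment {payment_id}")
        done[transaction] = user
```

Under the static policy the conflict is rejected in `assign`, before any payment exists; under the dynamic policy both roles can be held, and the rejection happens in `execute` only when the same user ID appears twice on one payment.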