An effective method to manage existing RBAC roles

IP.com Disclosure Number: IPCOM000171100D
Original Publication Date: 2008-May-29
Included in the Prior Art Database: 2008-May-29
Document File: 2 page(s) / 63K

Publishing Venue

IBM

Abstract

Disclosed is a method to effectively manage RBAC (Role Based Access Control) roles. Our proposed invention is to customize the Role in such a way that it can be assigned to multiple users instead of creating new roles. The advantage of this invention is that a single Role can be used for multiple users even though they need different authorizations from the role. This also reduces the size of the Roles database by avoiding many entries, which makes database management easier.

This is the abbreviated version, containing approximately 53% of the total text.

Name : Manjunath N Mangalur, Yogesh L Hegde

Disclosed is a method to effectively manage RBAC (Role Based Access Control) roles.

RBAC allows the creation of roles for system administration and the delegation of administrative tasks across a set of trusted system users. Generally, RBAC provides a mechanism through which the administrative functions typically reserved for the root user can be assigned to regular system users.

RBAC accomplishes this by defining job functions (roles) within an organization and assigning those roles to specific users. RBAC is essentially a framework that allows for system administration through the use of roles. Roles are typically defined with the scope of managing one or more administrative aspects of the environment. Assigning a role to a user effectively confers a set of permissions or privileges and powers to the user. For example, one management role might be to manage the file-systems, while another role might be to enable the creation of user accounts.

In RBAC, roles are created from authorizations, each of which is a text string associated with security-related functions or commands. Authorizations provide a mechanism to grant rights to users to perform privileged actions and to provide different levels of functionality to different classes of users.

Currently there is no method to customize the Roles in RBAC. Suppose a role R1 has 50 authorizations and the role is assigned to two users, say User1 and User2.

After some time, it is found that User2 is not supposed to have one of the 50 authorizations that R1 has. Hence, to remove that authorization, one more role, say R2, has to be created with 49 authorizations and sho...
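
The R1/User2 scenario above, modelled both ways, as an added example that is not taken from the disclosure: cloning the role into R2 versus keeping the single role R1 and narrowing it per user. The per-assignment exclusion set, the class and function names, and the `example.auth.NN` strings are assumptions, since the abbreviated text does not show how the customization is stored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    authorizations: frozenset  # authorization strings granted by the role

@dataclass
class Assignment:
    user: str
    role: Role
    # Assumed customization: authorizations withheld from this user only.
    excluded: frozenset = frozenset()

    def effective(self):
        # Exclusions may only narrow a role; reject strings the role never had,
        # so a typo cannot silently leave the authorization in place.
        unknown = self.excluded - self.role.authorizations
        if unknown:
            raise ValueError(f"not in role {self.role.name}: {sorted(unknown)}")
        return self.role.authorizations - self.excluded

def stored_entries(assignments):
    """Authorization strings stored: each distinct role once, plus exclusions."""
    roles = {a.role.name: a.role for a in assignments}
    return (sum(len(r.authorizations) for r in roles.values())
            + sum(len(a.excluded) for a in assignments))

# Constructed sample data: 50 placeholder authorization strings for R1.
AUTHS = frozenset(f"example.auth.{i:02d}" for i in range(1, 51))
REVOKED = "example.auth.07"
R1 = Role("R1", AUTHS)

def cloned_roles():
    # Approach described in the text: create R2 with 49 authorizations for User2.
    r2 = Role("R2", AUTHS - {REVOKED})
    return [Assignment("User1", R1), Assignment("User2", r2)]

def customized_role():
    # Single role R1; only User2's assignment carries the one exclusion.
    return [Assignment("User1", R1),
            Assignment("User2", R1, frozenset({REVOKED}))]

if __name__ == "__main__":
    for label, build in (("cloned", cloned_roles), ("customized", customized_role)):
        assigns = build()
        print(label, stored_entries(assigns),
              {a.user: len(a.effective()) for a in assigns})
```

Both layouts give User2 the same 49 effective authorizations; they differ only in how many authorization strings the role database has to hold and keep in sync.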