Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration

Chang Joo Moon, Dae Ha Park, Soung Jin Park, Doo Kwon Baik

Research output: Contribution to journalArticlepeer-review

24 Citations (Scopus)


RBAC is a family of reference models in which permissions are assigned to roles, and users are also assigned to appropriate roles. Studies on the permission-role part of RBAC model are relatively insufficient compared with those on the user-role part, and researches on symmetric RBAC models to overcome this is also in an incipient stage. Therefore there is difficulty in assigning permissions suitable for roles. This paper proposes a symmetric RBAC model that supplements the constraints on permission assignment set forth by previous studies. The proposed symmetric RBAC model reflects the conflicts of interests between roles and the sharing and integration of permissions on the assignment of permissions by presenting the constraints on permission assignment that take the separation of duties and role hierarchies into consideration. In addition, by expressing constraints prescribing prerequisite relations between permissions through AND/OR graphs, it is possible to effectively limit the complicated prerequisite relations of permissions. The constraints on permission assignment for the proposed symmetric RBAC model reduce errors in permission assignment by properly detailing rules to observe at the time of permission assignment.

Original languageEnglish
Pages (from-to)126-136
Number of pages11
JournalComputers and Security
Issue number2
Publication statusPublished - 2004 Mar


  • Authorization
  • Constraint
  • Permission Assignment
  • RBAC
  • Role

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Symmetric RBAC model that takes the separation of duty and role hierarchies into consideration'. Together they form a unique fingerprint.

Cite this