Extended Privilege Inheritance in RBAC

M.A.C. Dekker, J.G. Cederquist, J. Crampton, Sandro Etalle

    Research output: Book/ReportReportProfessional

    142 Downloads (Pure)


    In existing RBAC literature, administrative privileges are inherited just like ordinary user privileges. We argue that from a security viewpoint this is too restrictive, and we believe that a more flexible approach can be very useful in practice. We define an ordering on the set of administrative privileges, enabling us to extend the standard privilege inheritance relation in a natural way. This means that if a user has a particular administrative privilege, then she is also implicitly authorized for weaker administrative privileges. We prove the non-trivial result that it is possible to decide whether one administrative privilege is weaker than another and show how this result can be used to decide administrative requests in an RBAC security monitor.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages12
    Publication statusPublished - 12 Oct 2006

    Publication series

    NameCTIT Technical Report Series
    ISSN (Print)1381-3625


    • SCS-Cybersecurity
    • EWI-6945
    • IR-66365
    • METIS-237410

    Cite this