Role-Based Access Control in Retrospect

V. Nunes Leal Franqueira, Roelf J. Wieringa

    Research output: Contribution to journalArticleAcademicpeer-review

    9 Citations (Scopus)
    1 Downloads (Pure)


    Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners to assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.
    Original languageUndefined
    Pages (from-to)81-88
    Number of pages8
    JournalComputer (New York)
    Issue number6
    Publication statusPublished - Jun 2012


    • role management
    • security management
    • EWI-21398
    • SCS-Services
    • IR-79589
    • Identity and Access Management (IAM)
    • RBAC
    • role engineering
    • METIS-285070
    • Access Control

    Cite this