Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet RBAC remains complex to implement in user organizations. In this paper, we review the state of the art of RBAC in terms of its features, assumptions, strengths, and possible weaknesses, and review current developments to mitigate these weaknesses. This review helps practitioners assess the applicability of RBAC to their organization and also indicates where more research is needed to improve RBAC.
- role management
- security management
- Identity and Access Management (IAM)
- role engineering
- access control