CONUGA: Constrained user-group assignment
In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control. (C) 2001 Academic Press.
- Issue Date
- 2001-04
- Language
- English
- Article Type
- Article
- Citation
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, v.24, no.2, pp.87 - 100
- ISSN
- 1084-8045
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.