Role Based Access Control
- Tags
- security
An ACM that decouples users from permissions (see page 27) by using an intermediate representation: the role.
Users are granted privileges based on their roles. For example, a lecturer can add students to his class, and a student can get through security gates to reach lecture rooms. These privileges are given to the role of student, independent of the exact student in question.
We define (see page 28):
| Term | Description |
|---|---|
| \( \text{ROLES} \) | A set of roles |
| \( \text{USERS} \) | A set of users |
| \( \text{UA} \subset \text{USERS} \times \text{ROLES} \) | A relation between users and the roles they have |
| \( \text{PA} \subset \text{ROLES} \times \text{PERMISSIONS} \) | A relation between roles and the permissions they're granted |
The access control model is therefore defined as:
\begin{align*} \text{AC} &:= \text{PA} \circ \text{UA} \\
&:= \{(u,p) \in \text{USERS} \times \text{PERMISSIONS} \mid \exists r \in \text{ROLES}: (u, r) \in \text{UA} \wedge (r,p) \in \text{PA} \}\end{align*}
In other words, AC is the inner join of UA and PA on the role: each user is paired with the permissions they have through their assigned roles.
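The composition above, worked through as an added example (not part of the original notes): it computes AC both as a set comprehension and as an SQL inner join, and returns the roles that witness the existential for a given pair. The user names, permission names and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data based on the lecturer/student illustration.
UA = {("alice", "lecturer"), ("bob", "student"),
      ("carol", "student"), ("carol", "lecturer")}      # subset of USERS x ROLES
PA = {("lecturer", "add_student_to_class"),
      ("lecturer", "enter_lecture_room"),
      ("student", "enter_lecture_room")}                # subset of ROLES x PERMISSIONS


def compose(ua, pa):
    """AC = PA o UA: every (u, p) for which some role r links u to p."""
    return {(u, p) for (u, r) in ua for (r2, p) in pa if r == r2}


def compose_sql(ua, pa):
    """The same relation computed as an inner join on the role column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ua (u TEXT, r TEXT)")
    db.execute("CREATE TABLE pa (r TEXT, p TEXT)")
    db.executemany("INSERT INTO ua VALUES (?, ?)", sorted(ua))
    db.executemany("INSERT INTO pa VALUES (?, ?)", sorted(pa))
    rows = db.execute(
        "SELECT DISTINCT ua.u, pa.p FROM ua INNER JOIN pa ON ua.r = pa.r"
    ).fetchall()
    db.close()
    return set(rows)


def witnesses(ua, pa, user, permission):
    """Roles r satisfying the existential: (u, r) in UA and (r, p) in PA."""
    return {r for (u, r) in ua if u == user and (r, permission) in pa}


def is_allowed(ua, pa, user, permission):
    """Access decision: (user, permission) is in AC iff a witness role exists."""
    return bool(witnesses(ua, pa, user, permission))


if __name__ == "__main__":
    ac = compose(UA, PA)
    assert ac == compose_sql(UA, PA)
    for pair in sorted(ac):
        print(pair)
    # Revoking one role assignment removes only what no other role still grants.
    after = compose(UA - {("carol", "lecturer")}, PA)
    print("lost after revocation:", sorted(ac - after))
```

Because carol reaches `enter_lecture_room` through two roles, removing her lecturer assignment only drops `add_student_to_class`; the witness set is what an access review would inspect to see why a permission is still held.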