|
Role Hierarchy
{{Unreferenced, date=June 2019, bot=noref (GreenC bot) In role based access control, the role hierarchy defines an inheritance relationship among roles. For example, the role structure for a bank may treat all employees as members of the ‘employee’ role. Above this may be roles ‘department manager’, and ‘accountant’, which inherit all permissions of the ‘employee’ role, while above ‘department manager’ could be ‘savings manager’, ‘loan manager’. RBAC models generally treat the role hierarchy as either a tree (set theory), as in the 1992 RBAC model of Ferraiolo and Kuhn (FK), or a partially ordered set in the 1996 RBAC framework of Sandhu, Coyne, Feinstein, and Youman (SCFY). In object oriented programming terms, the tree role hierarchy is single inheritance, while the partial hierarchy allows multiple . When treated as a partial order, the role hierarchy example given above could be extended to a role such as ‘branch manager’ to inherit all p ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Role-based Access Control
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from MAC and DAC access control frameworks, it can enforce these policies without any complication. Design Within an organization, roles are created for various job functions. The permissions to perform certain operations are assign ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Tree (set Theory)
In set theory, a tree is a partially ordered set (''T'', <) such that for each ''t'' ∈ ''T'', the set is by the relation <. Frequently trees are assumed to have only one root (i.e. ), as the typical questions investigated in this field are easily reduced to questions about single-rooted trees. Definition A tree is a (poset) (''T'', <) such that for each ''t'' ∈ ''T'', the set is by the ...[...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Partially Ordered Set
In mathematics, especially order theory, a partially ordered set (also poset) formalizes and generalizes the intuitive concept of an ordering, sequencing, or arrangement of the elements of a Set (mathematics), set. A poset consists of a set together with a binary relation indicating that, for certain pairs of elements in the set, one of the elements precedes the other in the ordering. The relation itself is called a "partial order." The word ''partial'' in the names "partial order" and "partially ordered set" is used as an indication that not every pair of elements needs to be comparable. That is, there may be pairs of elements for which neither element precedes the other in the poset. Partial orders thus generalize total orders, in which every pair is comparable. Informal definition A partial order defines a notion of Comparability, comparison. Two elements ''x'' and ''y'' may stand in any of four mutually exclusive relationships to each other: either ''x'' ''y'', ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Object Oriented Programming
Object-oriented programming (OOP) is a programming paradigm based on the concept of "objects", which can contain data and code. The data is in the form of fields (often known as attributes or ''properties''), and the code is in the form of procedures (often known as ''methods''). A common feature of objects is that procedures (or methods) are attached to them and can access and modify the object's data fields. In this brand of OOP, there is usually a special name such as or used to refer to the current object. In OOP, computer programs are designed by making them out of objects that interact with one another. OOP languages are diverse, but the most popular ones are class-based, meaning that objects are instances of classes, which also determine their types. Many of the most widely used programming languages (such as C++, Java, Python, etc.) are multi-paradigm and they support object-oriented programming to a greater or lesser degree, typically in combination with impera ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Separation Of Duties
Separation of duties (SoD), also known as segregation of duties is the concept of having more than one person required to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of information, and other security compromises. In the political realm, it is known as the separation of powers, as can be seen in democracies where the government is separated into three independent branches: a legislature, an executive, and a judiciary. General description Separation of duties is a key concept of internal controls. Increased protection from fraud and errors must be balanced with the increased cost/effort required. In essence, SoD implements an appropriate level of checks and balances upon the activities of individuals. R. A. Botha and J. H. P. Eloff in the '' IBM Systems Journal'' describe SoD as follows. Separation of duty, as a security principle, has as its primary objective the prevention of fraud and errors. This objective i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
NIST RBAC Model
The NIST RBAC model is a standardized definition of role-based access control. Although originally developed by the National Institute of Standards and Technology, the standard was adopted and is copyrighted and distributed as INCITS 359-2004 by the International Committee for Information Technology Standards (INCITS). The latest version is INCITS 359-2012. It is managed by INCITS committee CS1. History In 2000, NIST called for a unified standard for RBAC, integrating the RBAC model published in 1992 by Ferraiolo and Kuhn with the RBAC framework introduced by Sandhu, Coyne, Feinstein, and Youman (1996). This proposal was published by Sandhu, Ferraiolo, and Kuhn and presented at the ACM 5th Workshop on Role Based Access Control. Following debate and comment within the RBAC and security communities, NIST made revisions and proposed a U.S. national standard for RBAC through the INCITS. In 2004, the standard received ballot approval and was adopted as INCITS 359-2004. Sandhu, Fe ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
