Discovery-based role activations in role-based access control

In role-based access control (RBAC), users and objects are assigned to one or more roles. Users should be active in the role that has the required permissions before access is granted. Thus, users should be aware of the role-permission assignments for activating the required roles. In general, with respect to role activations, current systems follow the human-active, system-passive model. Users often get swamped with role activations due to numerous factors that include increase in the number of objects, multiple role assignments, and shifting roles often, and lean toward activating all the assigned roles violating the principle of least privilege (PLP). In this paper, we introduce smartaccess, a system based on the system-active, human-passive model that allows users to concentrate on what objects they need, rather than what role should be activated in order to carry on their work efficiently. Furthermore, it provides access control by preserving the PLP and without any information leak. We provide algorithms for discovering roles and analyze various associated factors