Enterprise model as a basis of administration on role-based access control

Access control is one of the important security issues for large enterprise organizations. The role-based access control (RBAC) model is well known and recognized as a good security model for the enterprise environment. Though RBAC is a good model, the administration of RBAC including building and maintaining access control information remains a difficult problem in large companies. The RBAC model itself does not tell the solution. Little research has been done on the practical ways of finding information that fills RBAC components such as role, role hierarchy, permission-role assignment, user-role assignment, and so on from the real world. We suggest model-based administration of RBAC in an enterprise environment. Model-based administration methods allow the security administrator to manage access control by a GUI that supports a graphical enterprise model. If the security administrator creates or changes some of the components of the graphical enterprise model, then it is translated to RBAC schema information by the administration tool. We focus on a practical way of deriving access control information from the real world. It is a core of model-based administration. We show the derivation method and implementation experiences