Centre for Telematics and Information Technology, University of Twente
Doi
Abstract
Flexibility of management is an important requisite for access control systems as it allows users to adapt the access control system in accordance with practical requirements. This paper builds on earlier work where we defined administrative policies for a general class of
RBAC models. We present a formal definition of administrative refinnement and we show that there is an ordering for administrative privileges which yields administrative refinements of policies. We argue (by giving
an example) that this privilege ordering can be very useful in practice, and we prove that the privilege ordering is tractable