Abstract :
Access control deals with eliciting, specifying, enforcing, and maintaining access control policies in software-based systems. Recently, role-based access control (RBAC)-together with various extensions-has developed into a de facto standard for access control. Scenario-driven role engineering is a systematic approach for defining customized RBAC models, including roles, permissions, constraints, and role hierarchies. Since its first publication in 2002, the author gained considerable experience with scenario-driven role engineering, and several consulting firms and international projects have adopted the approach. Based on these experiences, the author enhanced the approach and now has a much deeper understanding of the relations between different role-engineering artifacts, the need for process tailoring, and the use of preexisting documents in role-engineering activities.
Keywords :
access control; constraints; permissions; role hierarchies; role-based access control; roles; scenario-driven role engineering; Access control; Maintenance engineering; Permission; Standards development; Systems engineering and theory; role engineering; role-based access control; security management;
