Title :
Mutual exclusion and role inheritance affecting least privilege in RBAC
Author :
Habib, Muhammad Asif
Author_Institution :
FIM, Johannes Kepler Univ., Linz, Austria
Abstract :
Role based access control (RBAC) always provides tight security of information and ease of management to security policy. There are certain constraints which make the information security tight. Separation of duty (SOD) in terms of mutual exclusion and role inheritance (RI) are some of those constraints which provide security of information and make the management of security policy easy. On one side, after implementing separation of duty, we may be able to get tight security, but on the other side it can create complexity for the security administrator and the user who uses the system. In this paper we describe the complexities and complications which can be faced after implementing separation of duty in terms of mutually exclusive roles (MER). We also describe the problems which can be faced if either the role inheritance is not implemented or implemented in an incomplete manner. We also propose the solutions to the given problems and propose a model against all the problems discussed.
Keywords :
authorisation; MER; RBAC; information security; least privilege; mutual exclusion; mutually exclusive roles; role based access control; role inheritance; security administrator; security policy; separation of duty;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2010 International Conference for
Print_ISBN :
978-1-4244-8862-9
Electronic_ISBN :
978-0-9564263-6-9