Download presentation
Presentation is loading. Please wait.
Published byEvelyn Nichols Modified over 11 years ago
1
An ORACLE Implementation of the PRA97 Model for Permission-Role Assignment Ravi Sandhu Venkata Bhamidipati George Mason University
2
2 © Ravi Sandhu 1997 ARBAC97 DECENTRALIZES u user-role assignment (URA97) l ORACLE implementation in 1997 u permission-role assignment (PRA97) l ORACLE implementation in 1998 u role-role hierarchy n groups or user-only roles (extend URA97) n abilities or permission-only roles (extend PRA97) n UP-roles or user-and-permission roles (RRA97)
3
3 © Ravi Sandhu 1997 EXAMPLE ROLE HIERARCHY Employee (E) Engineering Department (ED) Project Lead 1 (PL1) Engineer 1 (E1) Production 1 (P1) Quality 1 (Q1) Director (DIR) Project Lead 2 (PL2) Engineer 2 (E2) Production 2 (P2) Quality 2 (Q2) PROJECT 2PROJECT 1
4
4 © Ravi Sandhu 1997 EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO1) Project Security Officer 2 (PSO2)
5
5 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT u dual of user-role assignment u can-assign-permission can-revoke-permission u weak revoke strong revoke (propagates down)
6
6 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT CAN-ASSIGN-PERMISSION ARolePrereq CondRole Range PSO1PL1[E1,PL1) PSO2PL2[E2,PL2) DSOE1 E2[ED,ED] SSOPL1 PL2 [ED,ED] SSOED[E,E]
7
7 © Ravi Sandhu 1997 PERMISSION-ROLE ASSIGNMENT CAN-REVOKE-PERMISSION ARoleRole Range PSO1[E1,PL1] PSO2[E2,PL2] DSO(ED,DIR) SSO[ED,DIR]
8
8 © Ravi Sandhu 1997 ORACLE IMPLEMENTATION u assigns and revokes individual permissions to roles u can be extended to assign and revoke roles (permission-only abilities) to roles (UP-roles) l decentralization of permission-role assignment is probably more effective in this mode
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.