CONUGA: Constrained user-group assignment

Gail Joon Ahn, Kwangjo Kim

Research output: Contribution to journalArticlepeer-review


In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control.

Original languageEnglish (US)
Pages (from-to)87-100
Number of pages14
JournalJournal of Network and Computer Applications
Issue number2
StatePublished - Apr 2001
Externally publishedYes

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications


Dive into the research topics of 'CONUGA: Constrained user-group assignment'. Together they form a unique fingerprint.

Cite this