The role control center: Features and case studies

David F. Ferraiolo, Gail-Joon Ahn, R. Chandramouli, Serban I. Gavrila

Research output: Chapter in Book/Report/Conference proceedingConference contribution

24 Scopus citations


Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products are used for centralized management of authorizations for resources resident in several heterogeneous systems (called target systems) distributed throughout the enterprise. The RBAC model used in an ESMS is called the Enterprise RBAC model (ERBAC). An ERBAC model can be used to specify not only sophisticated access requirements centrally for resources resident in several target systems, but also administrative data required to map those defined access requirements to the access control structures native to the target platforms. However, the ERBAC model (i.e., the RBAC implementation) supported in many commercial ESMS products has not taken full advantage of policy specification capabilities of RBAC. In this paper we describe an implementation of ESMS called the 'Role Control Center' (RCC) that supports an ERBAC model that includes features such as general role hierarchy, static separation of duty constraints, and an advanced permission review facility (as defined in NIST's proposed RBAC standard). We outline the various modules in the RCC architecture and describe how they collectively provide support for authorization administration tasks at the enterprise and target-system levels.

Original languageEnglish (US)
Title of host publicationProceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
Number of pages9
StatePublished - 2003
Externally publishedYes
EventProceedings of Eighth ACM Symposium on Access Control Models and Technologies - Villa Gallia, Como, Italy
Duration: Jun 2 2003Jun 3 2003


OtherProceedings of Eighth ACM Symposium on Access Control Models and Technologies
CityVilla Gallia, Como


  • Administrative roles
  • Authorization management
  • Role graph
  • Role hierarchy
  • Separation of duty

ASJC Scopus subject areas

  • General Computer Science


Dive into the research topics of 'The role control center: Features and case studies'. Together they form a unique fingerprint.

Cite this