An Administrative Model for Role-Based Access Control Using Hierarchical Namespace

Access Control is an important mechanism of information security. Role-Based Access Control is a famous access control approach with good flexibility. RBAC96 and ARBAC97 are classical RBAC models. The ARBAC97 model facilitates decentralized administration of RBAC. However, ARBAC97 has some shortcomings in the case of being used in an organization with autonomous subsidiaries. The member of an administrative role can operate directly in the role range of a junior administrative role, which violates the autonomy of subsidiaries. We propose a new model named N-RBAC to overcome this weakness. In N-RBAC, roles are arranged according to a hierarchical namespace structure. Thus the role hierarchy is constructed in a local space instead of in a global space. The N-RBAC model does a better work in decentralized role administration in those organizations composed of autonomous subsidiaries.