Issue No.06 - November/December (2007 vol.5)
Ninghui Li , Purdue University
Elisa Bertino , Purdue University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.158
Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.
role-based access control, security, authorization management, standards
Ninghui Li, Elisa Bertino, "A Critique of the ANSI Standard on Role-Based Access Control", IEEE Security & Privacy, vol.5, no. 6, pp. 41-49, November/December 2007, doi:10.1109/MSP.2007.158