Issue No. 06 - November/December (2007 vol. 5)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.158
Ninghui Li , Purdue University
Ji-Won Byun , Purdue University
Elisa Bertino , Purdue University
Vendors have widely adopted RBAC to manage user access to computer resources in various products, including database management systems. However, as this analysis shows, the standard is hindered by limitations, errors, and design flaws.
role-based access control, security, authorization management, standards
J. Byun, N. Li and E. Bertino, "A Critique of the ANSI Standard on Role-Based Access Control," in IEEE Security & Privacy, vol. 5, no. , pp. 41-49, 2007.