The Community for Technology Leaders
Green Image
Issue No. 01 - January/February (2010 vol. 8)
ISSN: 1540-7993
pp: 28-35
Mark Strembeck , Vienna University of Economics and Business
Access control deals with eliciting, specifying, enforcing, and maintaining access control policies in software-based systems. Recently, role-based access control (RBAC)—together with various extensions—has developed into a de facto standard for access control. Scenario-driven role engineering is a systematic approach for defining customized RBAC models, including roles, permissions, constraints, and role hierarchies. Since its first publication in 2002, the author gained considerable experience with scenario-driven role engineering, and several consulting firms and international projects have adopted the approach. Based on these experiences, the author enhanced the approach and now has a much deeper understanding of the relations between different role-engineering artifacts, the need for process tailoring, and the use of preexisting documents in role-engineering activities.
role-based access control, role engineering, security management

M. Strembeck, "Scenario-Driven Role Engineering," in IEEE Security & Privacy, vol. 8, no. , pp. 28-35, 2010.
109 ms
(Ver 3.3 (11022016))