Issue No.01 - January/February (2010 vol.8)
Mark Strembeck, Vienna University of Economics and Business
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.46
Access control deals with eliciting, specifying, enforcing, and maintaining access control policies in software-based systems. Recently, role-based access control (RBAC)—together with various extensions—has developed into a de facto standard for access control. Scenario-driven role engineering is a systematic approach for defining customized RBAC models, including roles, permissions, constraints, and role hierarchies. Since its first publication in 2002, the author has gained considerable experience with scenario-driven role engineering, and several consulting firms and international projects have adopted the approach. Based on these experiences, the author enhanced the approach and now has a much deeper understanding of the relations between different role-engineering artifacts, the need for process tailoring, and the use of preexisting documents in role-engineering activities.
role-based access control, role engineering, security management
Mark Strembeck, "Scenario-Driven Role Engineering", IEEE Security & Privacy, vol. 8, no. 1, pp. 28-35, January/February 2010, doi:10.1109/MSP.2010.46