RoleBased Administration of UserRole Assignment The URA 97
Role-Based Administration of User-Role Assignment: The URA 97 Model and its Oracle Implementation Ravi Sandhu Venkata Bhamidipati Laboratory for Information Security Technology (LIST) George Mason University
OUTLINE u RBAC 96 review u URA 97 model u URA 97 Oracle implementation u Closing remarks © Ravi Sandhu 1997 2
RBAC 96 ROLES USERS . . . PERMISSIONS CONSTRAINTS SESSIONS ADMIN ROLES © Ravi Sandhu 1997 ADMIN PERMISSIONS 3
RBAC 96: RBAC 0 ROLES USERS PERMISSIONS . . . SESSIONS © Ravi Sandhu 1997 4
RBAC 96: RBAC 1 ROLES USERS PERMISSIONS . . . SESSIONS © Ravi Sandhu 1997 5
RBAC 96 : RBAC 2 ROLES USERS . . . PERMISSIONS CONSTRAINTS SESSIONS © Ravi Sandhu 1997 6
RBAC 96 : RBAC 3 ROLES USERS . . . PERMISSIONS CONSTRAINTS SESSIONS © Ravi Sandhu 1997 7
RBAC 96 ROLES USERS . . . PERMISSIONS CONSTRAINTS SESSIONS ADMIN ROLES © Ravi Sandhu 1997 ADMIN PERMISSIONS 8
RBAC 96 RBAC 3 RBAC 1 RBAC 2 RBAC 0 © Ravi Sandhu 1997 ARBAC 3 ARBAC 1 ARBAC 2 ARBAC 0 9
SCALE AND RATE OF CHANGE u roles: 100 s or 1000 s u users: 1000 s or 10, 000 s or more u Frequent changes to user-role assignment l permission-role assignment l u Less l frequent changes for role hierarchy © Ravi Sandhu 1997 10
ADMINISTRATIVE RBAC user-role assignment l permission-role assignment l role-role hierarchy l © Ravi Sandhu 1997 11
EXAMPLE ROLE HIERARCHY Director (DIR) Project Lead 1 (PL 1) Production 1 (P 1) Project Lead 2 (PL 2) Quality 1 (Q 1) Production 2 (P 2) Engineer 1 (E 1) PROJECT 1 © Ravi Sandhu 1997 Quality 2 (Q 2) Engineer 2 (E 2) Engineering Department (ED) Employee (E) PROJECT 2 12
EXAMPLE ADMINISTRATIVE ROLE HIERARCHY Senior Security Officer (SSO) Department Security Officer (DSO) Project Security Officer 1 (PSO 1) © Ravi Sandhu 1997 Project Security Officer 2 (PSO 2) 13
URA 97 GRANT MODEL: can-assign ARole PSO 1 PSO 2 DSO SSO © Ravi Sandhu 1997 Prereq Role ED ED ED E ED Role Range [E 1, PL 1) [E 2, PL 2) (ED, DIR) [ED, ED] (ED, DIR] 14
URA 97 GRANT MODEL : can-assign ARole PSO 1 PSO 2 © Ravi Sandhu 1997 Prereq Cond ED ED & ¬ P 1 ED & ¬ Q 1 ED ED & ¬ P 2 ED & ¬ Q 2 Role Range [E 1, E 1] [Q 1, Q 1] [P 1, P 1] [E 2, E 2] [Q 2, Q 2] [P 2, P 2] 15
URA 97 GRANT MODEL u “redundant” assignments to senior and junior roles are allowed l are useful l © Ravi Sandhu 1997 16
URA 97 REVOKE MODEL u WEAK REVOCATION revokes explicit membership in a role l independent of who did the assignment l © Ravi Sandhu 1997 17
URA 97 REVOKE MODEL u STRONG REVOCATION revokes explicit membership in a role and its seniors l authorized only if corresponding weak revokes are authorized l alternatives l n all-or-nothing n revoke © Ravi Sandhu 1997 within range 18
URA 97 REVOKE MODEL : can-revoke ARole PSO 1 PSO 2 DSO SSO © Ravi Sandhu 1997 Role Range [E 1, PL 1) [E 2, PL 2) (ED, DIR) [ED, DIR] 19
ORACLE ROLES u support RBAC 1 u administrative model has strong discretionary flavor l administrative authority on role implies n can grant role to any user or role n can grant role to any role l anyone with grant option on a permission can grant it to any role © Ravi Sandhu 1997 20
URA 97 IN ORACLE u administrative option for all roles is retained solely with DBA l never given to any user u use generic stored procedures with URA 97 can-assign and can-revoke implemented as relations © Ravi Sandhu 1997 21
URA 97 IN ORACLE u Oracle primitives for traversing role hierarchy need to be extended © Ravi Sandhu 1997 22
can-assign in dnf ER DIAGRAM CAN_ASSIGN Admin Role Pre. Condition Min_Int Min Role Max_Int CAN_ASSIGN 3 AND set name AND roles © Ravi Sandhu 1997 CAN_ASSIGN 2 Pre. Condition AND set name NOT set name CAN_ASSIGN 4 NOT set name NOT roles 23
can-revoke RELATION CAN_REVOKE Admin Role Min_Int Min Role Max_Int © Ravi Sandhu 1997 24
ORACLE STORED PROCEDURES u can extend Oracle access control model u limitation stored procedure can determine who the user is BUT l cannot determine active roles of the user l © Ravi Sandhu 1997 25
URA 97 STORED PROCEDURES u ASSIGN(user, trole, arole) u WEAK_REVOKE(user, trole, arole) u STRONG_REVOKE(user, trole, arole) user: user being added to trole l trole: target role l arole: administrative role used for this operation l n due © Ravi Sandhu 1997 to Oracle limitations 26
CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS u user-role assignment URA 97 and Oracle, this paper l other platforms l u permission-role assignment PRA 97, dual of URA 97 l Oracle implementation l © Ravi Sandhu 1997 27
CLOSING REMARKS: PREVIEW OF WORK IN PROGRESS u role-role hierarchy user-only roles (groups): like URA 97 l permission-only roles: like PRA 97 l user and permission roles: RRA 97 l © Ravi Sandhu 1997 28
- Slides: 28