Entry: Role hierarchy
Definition

In role-based access control, the role hierarchy defines an inheritance relationship among roles. For example, the role structure for a bank may treat all employees as members of the ‘employee’ role. Above this may be the roles ‘department manager’ and ‘accountant’, which inherit all permissions of the ‘employee’ role, while above ‘department manager’ could be ‘savings manager’ and ‘loan manager’.

RBAC models generally treat the role hierarchy as either a tree, as in the 1992 RBAC model of Ferraiolo and Kuhn (FK), or a partially ordered set, as in the 1996 RBAC framework of Sandhu, Coyne, Feinstein, and Youman (SCFY). In object-oriented programming terms, the tree role hierarchy is single inheritance, while the partial hierarchy allows multiple inheritance. When treated as a partial order, the role hierarchy example given above could be extended with a role such as ‘branch manager’ that inherits all permissions of ‘savings manager’, ‘loan manager’, and ‘accountant’.

Complications can arise when constraints such as separation of duties exist between roles. If separation of duty were used to prohibit personnel from holding both the ‘loan manager’ and ‘accountant’ roles, then ‘branch manager’ could not inherit permissions from both of them. The NIST RBAC model, which unified the FK and SCFY models, treats the role hierarchy as a partial order, although RBAC products have not gone beyond the tree-structured hierarchy.
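
The bank hierarchy above as a partial order, with an audit for the separation-of-duty conflict just described. This is an added example, not part of the original entry: the role names come from the text, while the permission names and the function names are constructed for illustration.

```python
# Role names are from the entry; permissions and helper names are constructed.
JUNIORS = {  # role -> roles it directly inherits from (a DAG, i.e. partial order)
    "employee": set(),
    "department manager": {"employee"},
    "accountant": {"employee"},
    "savings manager": {"department manager"},
    "loan manager": {"department manager"},
    "branch manager": {"savings manager", "loan manager", "accountant"},
}
PERMS = {  # constructed sample permissions assigned directly to each role
    "employee": {"enter_building"},
    "department manager": {"approve_leave"},
    "accountant": {"post_ledger"},
    "savings manager": {"open_savings"},
    "loan manager": {"approve_loan"},
    "branch manager": {"close_branch_books"},
}
SOD = [frozenset({"loan manager", "accountant"})]  # mutually exclusive roles


def closure(role, juniors=JUNIORS, _path=()):
    """Return the role plus every role it inherits from; reject cycles."""
    if role in _path:
        raise ValueError("cycle in hierarchy: " + " -> ".join(_path + (role,)))
    out = {role}
    for junior in juniors[role]:
        out |= closure(junior, juniors, _path + (role,))
    return out


def effective_permissions(role, juniors=JUNIORS, perms=PERMS):
    """Union of direct permissions over the role's inheritance closure."""
    return set().union(*(perms[r] for r in closure(role, juniors)))


def is_tree(juniors=JUNIORS):
    """Single inheritance: no role inherits directly from more than one role."""
    return all(len(parents) <= 1 for parents in juniors.values())


def sod_violations(juniors=JUNIORS, sod=SOD):
    """Roles whose closure contains both members of an exclusive pair."""
    return sorted((role, tuple(sorted(pair)))
                  for role in juniors for pair in sod
                  if pair <= closure(role, juniors))
```

Running `sod_violations()` before a hierarchy change is committed catches a senior role that silently combines permissions the constraint was meant to keep apart.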

1 : Computer access control


Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 Updated: 2024/11/16 7:12:14