[Figure: Hasse diagram with nodes Department Chair (Chair), Promotion & Tenure Voting Member (P&T VM), Tenured Faculty (Ten), Untenured Faculty (UnTen), CS Faculty (CS Fac), CE Faculty (CE Fac), and Faculty (Fac).]
Fig. 1. Role Hierarchy Structure
represented by a set SSD of pairs (rs, n), where rs is a set of mutually exclusive
roles and n ≥ 2. When (rs, n) ∈ SSD, no users should be authorized to act in
n or more of the roles in rs.
Note that static separation of duty constrains the role hierarchy as well as
the user-role assignment UA. For example, if a user U is authorized to act in
role R1 and R1 inherits R2, U is also authorized to act in role R2. Thus, both
UA and the role hierarchy must be checked to ensure that they satisfy the SSD
constraints.
Dynamic separation of duty constrains the combinations of roles that users
may activate at any given instant, and is specified by a set DSD of pairs similar
to SSD. When (rs, n) ∈ DSD, a user cannot have n or more roles in rs
simultaneously activated. When a user activates a set of roles, the set of roles
constitutes a session. The function session_roles(s) determines the set of
activated roles associated with the session s. In an RBAC system, the
role-activation monitor denies any role-activation requests that would violate
the DSD constraints.
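The two checks described above, as an added example that is not part of the original text: an SSD check that closes each user's assigned roles under inheritance before counting, and a role-activation monitor that enforces DSD. Role names come from the department example in Section 2.3; every hierarchy edge other than "Chair and P&T VM inherit Ten", the DSD pair, and the users are assumptions made for illustration.

```python
# Added illustration: SSD and DSD checks over a role hierarchy.
# Only "Chair and P&T VM inherit Ten" is stated in the text; the other
# edges and the DSD constraint below are assumptions made for this example.
INHERITS = {
    "Chair": {"Ten"}, "P&T VM": {"Ten"},
    "Ten": {"Fac"}, "UnTen": {"Fac"},        # assumed edges
    "CS Fac": {"Fac"}, "CE Fac": {"Fac"},    # assumed edges
    "Fac": set(),
}
SSD = [({"Ten", "UnTen"}, 2)]      # tenured and untenured are mutually exclusive
DSD = [({"CS Fac", "CE Fac"}, 2)]  # hypothetical: one program role active at a time


def authorized_roles(assigned):
    """Close a set of directly assigned roles under inheritance."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INHERITS[role])
    return seen


def ssd_violations(ua):
    """Return (user, rs, n) for each SSD pair the user's authorized roles break."""
    found = []
    for user, assigned in sorted(ua.items()):
        roles = authorized_roles(assigned)
        for rs, n in SSD:
            if len(roles & rs) >= n:
                found.append((user, frozenset(rs), n))
    return found


def activate(session_roles, role, assigned):
    """Role-activation monitor: return the new session role set or raise."""
    if role not in authorized_roles(assigned):
        raise PermissionError(f"{role} is not authorized for this user")
    proposed = session_roles | {role}
    for rs, n in DSD:
        if len(proposed & rs) >= n:
            raise PermissionError(f"activating {role} violates DSD {sorted(rs)}")
    return proposed


# Constructed user-role assignment UA.
UA = {"alice": {"Chair", "CS Fac"}, "bob": {"UnTen", "P&T VM"},
      "carol": {"CS Fac", "CE Fac", "Ten"}}
```

Here bob is never assigned Ten directly; the violation appears only because P&T VM inherits Ten, which is why UA alone is not enough to check.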
2.3 RBAC Example
As an example of an RBAC policy, consider a hypothetical academic department
that houses both Computer Science (CS) and Computer Engineering (CE)
programs. The department includes both tenured and untenured faculty, and every
faculty member is associated with at least one of the two academic programs.
In addition, the department has a chairperson and a Promotion & Tenure (P&T)
committee. Thus, there are seven relevant roles for this example:

ROLES = {Fac, Ten, UnTen, CS Fac, CE Fac, Chair, P&T VM}.

Figure 1 provides a Hasse diagram representing a plausible role-inheritance
relation for this scenario (e.g., the roles Chair and P&T VM both inherit Ten).
The standard academic situation is that no one can be both tenured and
untenured, and hence the roles Ten and UnTen should be mutually exclusive.
Furthermore, the department's bylaws mandate that the chair cannot be a P&T