A Scenario-driven Role Engineering Process for

Functional RBAC Roles

Mark Strembeck
mark.strembeck@wu-wien.ac.at

Gustaf Neumann
gustaf.neumann@wu-wien.ac.at

Department of Information Systems, New Media Lab

Vienna University of Economics and BA, Austria

ABSTRACT



  
 
! "
# 
$&%



'($



'"  *)+-,/.10234( 65879: ";
 (<"
"

)="
6  
'
(>" 
"*)+?* 
@%A B "C#5<DFE*
? 
'*EGH 
:) "/

I(?
'



'* "
# C( J K
'L%GJ 
 !%
//L"  651MN/E 9 "
# 
 !O%(
BGJ(  (4
  
%P<%>
I6  QL R5TSE B "CU"
 (%
" 
' V
(
WH
 E  
%
# V
 O 6 ('4L)+O %(
"$
B6 (
*)X" 
' !

LY ZB"%GJ%
651[\(
# 

W/%( "E 

GJL%( #%>
%?(
K
4579!L"  #%>

@

? 
%?(


# B6L
% 'E(%# C
"?)+ "E
WK
'

 J 
%I
$
V
 !9
'4(


')F % 6 V
9GJL%( !# F) "(
(6 /@


"B6 (
)=" 
' ?

 "
>'E6 (
";4
 
(
'I)
46 =,/.102 %IGJL%
657#*%# ??'B 

%I6 "
" 
]

" FVWK (W

'O@= "
# 
$^%(
J
9
'(
(
'
"  _

H"   E%
 652#E
@
W:: C"
%E"@

'
=)+4E*"   E%WJ# 9(
BG V# V(WJ6L
%E 9(
%%(

# 

 (
'

 (' 65

*]LB

" ?*'B 

%<VWU (W(
':* "
# (4$^%(


_
'(
(
'J"  9

KO"  O E%
 65

1.1

Motivation

Categories and Subject Descriptors

9( ( (" %"
(" ?  B" ),/.10?2 
%Y$

,/.10?2U
B( O =W4E _ B "*(
*VB@*  "


%K

%E @W59I 
W*"
?,/.102< %KEV(
" (
 =% 
`a ba c*d eXfg hijLk;lNmnBopqnBlRlRk;pqnXo6r&sutFvwRx4y zv{uv|R}~Cvy4}y |4~u
yy}}y|/{_v}4R4~CJv}4R4 yv~C`a ba Od eBfg h@ijLk;lmnBopqnBlRlRk
pqnBoRr&s9|4v{uv|6}!y
v6vR\C
}&#zv4z6v~~{uR4v ~B`a a
d 1lRk;jChpqnXoOe#&hlRYrs1Cvx4zy}^|L91z}v}y |9L!v~~|R}z~


  
(WY)+";4
L
VE

 "
"
%:9(:

General Terms


H
'



'"  R_" C
PV-(GJ
GJ
L%@"C

" (
W


( 

)@J" 4
%

'K"C

LE Y+5 'B5F
!C5
"  !)X(/
'

(
'O9
"( !)+"E %
9GJ%(

'
)9 "
"O(
 6 
"O)9 
,9.0?2<GJ%+ *
5
.1)+I "
"I,9.0?2UGJL%+=("C-(   E
_)!

Cvx4zy}&R6`v~y|X6|4v{uv|R};6x4{u|L}z~

-
H
'(
(
' "
L
( KG?E 6 Q- "53u
)+E$

# 
WGH 
LW 
LU B " N)+-

'



' 

1. INTRODUCTION

,#4(?
'



'*)+/($&V#  % ""  "
@4=,9.0?29

K"  )%>


'N
 6\BGJ
 

 6F"
 6 

@ - 
%

$^(6 "C
 U
5,#
 N" 
V%
Z
 @%VB

)+E
"@

# = 
%:'B 
( 

# ( R5F[E
"(
 1
 /"
J  
 FVE 

  )+E
"

 # O
%KVBJB)+GJ%
9(

8 _"6 

H"GJ# 
W5S'B 

 (
# 
 u";4 B
%
-K(6 "C
" ='B 

 @

(
3 "GJ# 
W<(
G J)


L
# / E"E R5[E
";

# /
 6F

8"
L6  J'B $


 (
 
 6/ VE I 'B 

 'B 

 @

# = E";$
E

'H 

"VE 

   C Q : G ?4)+
<
?"@%


'B 

 

#  E"E 65A79
# B 
L  K4(H
$
'



'<"  *% ('
%U)+*)+E
"

# J,/.10?2( R5P

K "
# 
$^%(

%AV#  %A
ALE
GJ
@ :
'



'
"
(E 6579L"  " 
IVK 

%:*VE
(% u"
"
,/.102GJ%L5 5 
< "E# CX

 6 
"_4)* V 6 "?,/.102

GJ
W%>
%*
N 
N %*L"V#  ( 4! 

WI = GH 
# C
)B99
9";  651MN9E u 
G u  W GH ("9
9
'
$



'H B "CY# =
9](V
_
E'YJV 
(" V(O(

%
ZB
L/Q

% /)\'B 

 (
 65F0u
:(GJB6 
9LE
GJ
L
)+?"  u( * EB/"C# 
'?GH 
# 'GJ
J "((

  ::4# 'B (4
8)u"C# 
' *# ""E9(

8


)+GH (4
* WL @G
 
(
G


@: 
B "E
WJ
$
 
L9GJL%(  
%Y>
# (
W(
_"
";@,/.102<GJL%5
,(O
'(
;(
'( /

K  
" E
GJ;
 /
'(
(
'
"  R5*S!E* B "-
_V#  %-
-"
"_)! "
# 

9("CO

4QL
9
 
%O9(%
W (
" V
F

Y+ )+O C
'
$



'B5"
 ( !GJL%9E 6 '9)X W GJ u 
%) "(

 C@
O"GJG?E

" 

GJ
'J
'

   9
  /@_"4GGE$


" (
-VB
-
'

 * 
%-

$&"

"  6 Q(% 65
79)+* "
# 
 K C*6 "
" G C
 @ K (
6T)+?
"
 (%6 C@

) 
'uEGH 
) "(


'(
(
'X5

1.2

Scenarios: An Overview

,LE
GJ
@ #
'(
(
'J
L%
ZB
L  #)+E
"

# 

E
G
  
%IE# 

W+

$&)+E
"

# FLE(GJ
@ R5

Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that copies
bear this notice and the full citation on the first page. To copy otherwise, to
republish, to post on servers or to redistribute to lists, requires prior specific
permission and/or a fee.
SACMAT02, June 3-4, 2002, Monterey, California, USA.
Copyright 2002 ACM 1-58113-496-7/02/0006 ... 5.00.

[E
"(
 LE(GJ
 %>
K u W GH /EB 5 5@



L
%%NE J)@J W GHX=

JLE (
W$^;E
GJ
L %$
>
%GH 
% (
Q/GH 

L6 

# V
(
WB6 V(

W(
B;R V(
$

WHB)+GH 
"57#:" E%
" 
%N'X 
()+E
";$


# LE(GJ
 !/'4
6 " '( )XE
GJ
L
GJL%(  C_%


'E
%

A!44 B C( _(4%

"FLE(GJ
 F
- 
H V$
6 "K(45B 
9)+K(
 6 
"9
_ E
%@



" 
-VB)+E_>
%U 
%-"
"

%-(


^ 
E(4
$



L% * "
# 
 # %
"?%W
# GJ("?E
L
G? E"$

" EE
GJ
L #4
K \VE 

  #"  #
517=E

E )  W GH#5 'B516

W"E(%VBE %?u) "

(6 5 'B5"GJG?E


" (

 
(%

)(
6 "

' )+O "GJB

L R5[4

 B"(>"E )E
"(
 (

W<(

9(KGH 
# ' R5

]1 GJ(



^""CQ:"%
u
(
 Y -)!@ "
 (Y 69



J[
'E"4E(%VB9% "(VB%VLWI 
J6=
 "
# 
B5179/";4$
44 9"
 ( 4%("9 WL GE 6 '(

O)+4G4)9 "(

%K
9 E
" R5/"
# 
  
 B" (
Wu
 E(%O9GJ%4 W GJ 1)+4GT #E 1B$

 B
%(
'I"
"
%< "
# 
I
< 6= ?6*0\7


L6 " _=
8 OV 
Q: u"C"Q:
)F"E GJu
 
$

%Y=
%6  /"6 (
< GJE
4)1GJ
W*)+G6

B"
 
%K  OO"GJG?E

" (
K9(K
%KE  65
4 ^44 _7= G%
" EJ


%%
4(E

#+ 6I(
G4%6 
< 
%V(%''B VB$

E(GJ
 GJ%
I 
%Y WL @G "
"$
E579)+U;W) "(

6 @PP";4GGE

" @


)E
GJ
L J
'

 =
(GJ
GJ
L6 


'
$

 R5OJ(\
_J%) "Y 6 
%# %-)+_ 
E(
$


@%8GJ%( R5@ *%(ZB
J% '6 GWB " 
8V
E %K(

GJ 9W*  O)# W G%(G
65

'4
6  "
 ( #% "(VB  
V(= "E# 1 "@

K 
%

""E
65179LE !"
"
% "
# 
 !GH @W: 
%
"F WL G


L
# CF C";
(
 # C u
?q%("
WL

V
u_E 65
0)+u
u u(
%E"(
- "
# 
 6GH 

%
)B= F
\ E"E%H  \)(
9 651
H"

H!9'( 

6L
4)9Y "
# (4$^%(

Y
'

(
'U B "C#5
"

AJ 
 @*%(ZB
?GJ%
=
"A VE(
%(

?"E ?)\?"  J 
%I% "(VB 
(
 C@

 R5

3"

NY'
< *%6 
(%"  J% "


VB)+
%
"E  ]B(
" 'B C(
%<)+G

- 

" @


)@Y"  J(
3"(
35NMNY
'

< 

;)
 %HQ:(
U"(4
8Y 
%-"
"
E%@# B* 
%-'(

KE
LQ
K)+EE "(
( 65


9 LE
" 656"
# 

 /
# V
O"@

 VBE+B@
$
 CBL""E
" 6 
%JBE

( F4\
Q 6517=)+=W
) "
(
6 \F%"

O)L"  V(F 4(E

 6L C"@

 19"

2.

9(H" 
%(
' (E @


 R5/7=(% O)! "
# 
 u

E % 

"_ 
"

L( W)+]1 GJ(@/% "
V_ 
%Y    


# (OVE 

  $CLB
(
" $CL4=O $& @6 '
 65

THE
SCENARIO-DRIVEN
ENGINEERING APPROACH

ROLE-


 "
# ($&V#  % B " " "(

%
L



9(

A ";
 (H" 
V 
A  :

# ( :+W

" (
W
&
  L" %9( # ("E Y ""  ?6 

#5J7=E Y  ";$

# 
/
= 'L% E"!)+!%
 

)BGJ(  

 9
"

 

%

H # ("E F%F_ "CH !%>
%H+E 6

ATM

'B 50T EV +"q5 'B5F E _4* 
P E
4GE  '
L6B;$

Customer

)+GJ

'* F "
# 
uGE \9
: C(GJ
 

 \#  =
%%

Insert bank customer card

J"GJ(OW 

'(O @K)#
9 "
 (B5

Enter PIN code

Check PIN code
Enter amount to withdraw
Return customer card

Work Profile

Check credit line

Task_1

Take card

Task_2

Task_n

......

Emit bank notes

Take banknotes

Scenario_x

...

Scenario_y

Scenario_z

9^#IBu<#I/N^#ILL#^
Step_1


  !) )O + W GJ 6
'



'u "
# 
 / 

...

Step_2

Step_n

E %]L(* 
%Y% "(VBuu W GV @(4  =

! 
 B"()+WYE /
% R5\0
E': "
# (4 9OE %:(
: W $

Perm_1

GJ _
'

(
'VB)+F4 "V 
# _E "  I B "U(4
4%N  O =" 6 (W )+J ""6 
"J 
%*%
 GJ(
# 

*)

...

Perm_n

Perm_2
Perm_x

Perm_v

...

Perm_w

"
 ( !(
@( _  51799E'9E# 
@

W)B "
# 
$^ %



 

(6 E+5 'B5(4RBB4X( _ C
J

%
" !)+!@9'4 

=^#6



L _(
N "
# 
 * 
%-
_G?E
() C";%P 
(" V(
(WI(

O>
%Y4) WL G /
'(
(
'X5
"
# 
 =" 
YV_% "(VB%Y

YGI 
W%(ZB
O W 65=2#GJ$



  

J<\ ^U

O6 #^L

GJ

W3W 8 B"
>%=
+ @E"@E%#*]N% "($

!W ^4 Y4 ^+L +5 'B5BL"  

' %# GH '
L(


I

 E6 
""GJ# 
W\" B
% /*
?/GJ? "
# $

(4
 O 
%*%(ZB
WLB )% '6 GJ 65 'B5RGJ  6 ' E
"


 65/79 6  QL  C: 'B (
H"GV(
%H)+GQK4>( R5

"  69 "(

W% '6 GJ 6#
$&
 65I[
'E<J 9 :


GJ
 "
# 
*)+/9
@%6 @O #)\GJ
WY)+4G 
E$

   

4
X  "GJ
 O (6  Q !# _ " C(
WLB/)XGJ$

W4J+E (
'
6 1" 
)+4GI5=

"u " "
 (

GH %*
(GH "C(
J+0\7I%("%  GJ  6 '4 LE
"


_(

Q%-<  _)!BGJ(  

 _
u
_B  (V(Y%
@

" 65F_ ": "
# 

 :
/ 
@%IVLW< 
6 
%

BGJ(  

 )+:  ("E QN>(%
"@
WN)G

]E# % "



#5/79 6 GJ "
 ("E(%8 
YV

6  Q 6 "
# 

 q [
'EH57=)QI4>(  

% "(VB%KE'4 L

%J LE
"O99(K E"@E%K]L

_ E"_)+=O%>

(
K)= /(
GJ(
# W*
$&
6 "W5

)+Y] GJ
53_ "WBH4)O% "(@

GJ#  ( Y%
ZB$





7=O "
# 

$&%

K4(
'(
(
'"  /( /"GJB %


F@(
' _ 
%J
# V( !9%"(
)B%

Z
F"

"



)1 
GI +O "

L
( 9
"*%>
69
* EV$^L"   $


%I(
 (
 R5O6 "
# 

 
I@E
G


B"
(W+%
"@%:(
K[
'EJ   "(
W*% '6 GH

[scenario model incomplete]

2

1
Identify and model
(new) usage scenarios

3
Derive permissions
from scenarios

4
Identify constraints

Refine scenario model

[change case]
7
Define RBAC Model

Derive preliminary
role-hierarchy

Define tasks
and work profiles

[scenario modeling completed]

!#"%$&(')*+-,."%$/102%)43)253 "%)46879:/()'72%)0)4;($"%;()4)4'"%;($=<('7 >)?@?

ACBEDGFIH@JKL MGNPOIJFRQTS@FIHU#V4WOIX@HYW[ZH@JOI\L]SIW_^a`cbedGf1gihYjkdlgim4gndo
hGpbhGgiq1rnpehGo4hGdGpsut1hjvCph
jwGpegnxpbdGgiy1px8jb1xpz{rngikgndGrio
s-|4x1prnpxagibadGpwGs-h#|C}(hGkpb(jwGgi|ChB
~CBEEH@\L]@HEH\Q L]W[WL]SIJWMG\SIQWZH@JOI\L]SIW_^|Cwp4jkfhGkpb(jwGgn|
dGf1pjkkphGh|C{pwjdGgn|CbhdGf(jdjwGp5b1pkphGh_jwGodl|pz4pkt1dGp5dGf1p
k|CwGwGph[{|Cbx1gnbvhGdGp{1hGp4t1pb1kp.jwGpTgix1pbdGgiy1pxjbxhGdG|CwGpx
gibj{pwGs-gihGhGgi|Cbak4jdjrn|Ivjh i|C{pwjdGgi|Cb(|Iq ]pkd_{jgnwGh_B
CBEDGFIH@JKL MGNZSIJW[K\OIL]JKW_^(|Cb1hGdGwjgib4dlhdG|eqp=pb1}]|CwGkpx|Cb
{pwGs-gnh[hGgi|Cb1h-jwGpgix1pbdGgiy1pxjb1x.sjx1ppz{1rigikgnd1p4B vBh[p{1
jwjdGgi|CbY|C} xt1dGgnph_k4jwGx1gib(jrngidGgiph|CwdGgis-px1p{pb1xpb1kgnph_B
rir k|Cb1h[dGwjgnb4dGhTjwGphGdG|CwGpxagnbjk|Cb1h[dGwjgnb4d#k4jdjrn|CvB
BEHJ1HW[ZH@JOI\L]S.QTSFIH@Uc^5f1gihjkdGgimgidco.wGpmgip5hdGf1pTkt1wG
wGpb4dhGkpb(jwGgi|s-|x1pr.]x1py1b1pxgnbh[dlp{AClB|Cwh[gns-gi
rjw5hGkpbjwGgn|ChTjk|Cs-s-|CbavCpb1pwjrign4jdGgi|Cbk4jbaqpx1py1b1pxB
`cbjx1x1gidlgi|CbPp4jkfPhGkpb(jwGgi|.gihpzjs gib1pxPgi}|Cb1p|Cws-|CwGp
|C}gidGh=hGdGp{1h=k4jbqpe}]t1wGdGf1pw=k|Cb1kwGpdGgipxqojb|#b
]hGtq(]hGkpb(jwGgi|B#f1gihjkdGgimgidcogih#dGf1pwGp}]|CwGphGgis girjw5dG| dGf1p
x1pyb1gndGgi|Cb|C}1krcjh[hGf1gipwjwGkf1giph(gnb|Cq ]pkdG|CwGgnpb4dGpxxphGgnvIb(B
CBEEHJ1HTKOIW@WEOIJFSI\5\SUH@W_^5gipwGpbd5hGkpb(jw[gn|ChjwGp
k|Cs-{|ChGpxdG|R}]|CwGsdjhGx1py1b1gidGgn|CbhB5fgnhgnhx1|Cb1pgib
jkk|CwGx(jb1kp5gidGf.dGf1pk|CbhGdGwjgnb4dk4jdjri|CvBt1q1h[pt1pb4dGrio
dGf1phGp-djhG4hhGpwGmIpjhq1tgnrix1gib1vq1ri|kh}]|Cw |CwG{1wG|Cyrnph_B
h[kpb(jwGgi|sjlo-qp-jhGh[|kgjdGpx#gidlfhGpmCpwjrdjhG4hjb1xYj
djhGsjGoqpjhGh[|kgjdGpx.5gidGfah[pmCpwjr |CwG{1wG|Cy1riph4gB p4B
dGf1phGkpb(jwGgi|dl|djhG w[prcjdGgi|Cbjb1xdGf1pdjhG dG| |CwG {1wG|C
y1ripwGprcjdGgi|CbjwGpsjbo4dG|Csjb4owGprjdGgn|Cbh#wGphG{pkdGgnmCprio4B
CBEEH@\L]@H \H@UL]QTL]JOI\N\SIUH@cIL]H\OI\Z@IN^#f1p |CwG{1wG|C
y1riph.jbxdGf1p{pwGs gihGh[gn|CbRk4jdjrn|CvjwGpt1hGpx}]|Iw.j-hGps-gn
jt1dG|CsjdGgikkwGp4jdGgn|Cb|C} j5{1wGprigns-gib(jwGo-wG|Cripf1gipwjwGkfo4IgcB p4B
|Cq4m4gn|Ct1h]t1b1gi|CwGjb1xhGpb1gi|CwGwG|CrnphjwGpTgix1pb4dlgiy1pxejb1xjwG
wjb1vIpxgnb=jbgnbf1pwGgidjbkpEf1gipwjwGkf4o4B5|CdGpbdGgjrirnowGpx1t1b
x(jb4d#wG|CrnphTjwGpgix1pb4dGgny1pxjbxsjwGCpxa}%|Cw5wGpm4gipB
BEEHJ1H#aS@FIHUc^pwGpdlfp{1wGprigns-gib(jwGowG|Crip
f1gipwjwGkfo4dGfp.{pwGs-gihGhGgi|Cbk4jdjri|Cvjb1xedlfp.k|Cb1hGdGwjgibd
k4jdjri|Cvh[pwGmCpjhgib1{1td}]|CwdGf1p5xpy1b1gidlgi|Cb-|C}dlfp5k|Cb1kwGpdGp
 Ps-|x1prB`bdGf1gih5hGt1q{1w[|kphGh5wGpxt1b1x(jb4dwG|CriphjwGp
wGps-|mCpx(b1pPwG|CrnphjbxwG|Cripk|Cb1hGdGwjgib4dlhjw[px1pyb1pxjb1x
wG|Cripf1gnpwjwGkf1giph-jwGpTs pw[vCpx|Cwh[p{(jwjdGpx(B5#f1phGph[dGp{1h
jwGpwGp{p4jdGpxt1bdGgirdGf1pwG|Crnps-|xprgihk|Cs {rnpdGp41gB p4B1t1b1
dGgirdGf1p-pb1vCgib1ppwGh5f1|jwGp-wGph[{|Ib1hGgiq1rnp-}%|Cwdlfgnhjkdlgim4gndo
x1pyb1pdGfps-|4x1pr jhTjx1ptjdlp4B
hx1p{gnkdGpx=gib=gnvCt1w[pY dGf1pYjkdGgimgidGgnph.A dG| }]|CwGsj ko4
krip.dGf(jdgnhwGp{p4jdGpxt1b4dGgnrdGf1p.h[kpb(jwGgi|Ps-|x1prgihk|Cs-{1ripdGp4B
#f1gnh5gihj{1wGpwGp4t1gihGgndGp}]|CwjkdGgimgidGgnphT#dG| BpmCpw[dlfprnphGh_IdGfp
#f1|Crnp {1wG|4kphGhljkdGgimgidGgiph#AdG| gih(gibdGpb1xpxdl|qp pz4pkt1dGpxgnb
jbPgidGpwjdlgimCpjbxPgnb1kwGps-pb4djrsjb1bpw 5fpwGp-p4jkfPgidGpwjdlgi|Cb
wGphGtrndGh#gibjbp
pmC|Crit1dGgn|CbjwGohGdjvCp|C}(dGf1px1gipw[pb4d#s-|x1prihB

bkpjhGkpb(jwGgi| s-|4x1pr gih#q1t1girndTlj}]dGpw5dGf1py1wGhGd5gidGpwjdGgn|Ib|C}

dGf1p.hGdGp{1hYAdG| Ekfjb1vCphdGf(jdpb1wGgikfdGf1p.}]t1b1kdGgi|Cb(jrigndo|C}
dGf1phGo4hGdGpsk4jb=qpgib1k|CwG{|CwjdGpxhGdGwjgnvCf4dG}]|CwGjwGxrno4Bt1kfj
kf(jb1vCpEk4jhGpEgnhkf(jwjkdGpwGgnpxdGf1wG|Ct1vCfdGf1pEx1py1b1gidGgn|Cb|C}j#b1p
t1h_jvCph[kpb(jwGgi|YjbxsjGoadjCpT{1rcjkpTgibh[dGp{ ]wGpy1b1ps-pb4d|C}
dGf1ph[kpb(jwGgn|s |4x1pr#|Cw.j}]dGpwTdGf1pk|Cb1kwGpdGp  -|xpr gih
q1t1giridgib.h[dGp{ ]hGppgnvCt1w[pCGB 5f1pb1phGkpbjwGgn|gnhdGf1pbgib1
hGpwGdGpxgibdG|dGf1ppz4gihGdGgnbvh[kpb(jwGgi|s-|xprcB }]dGpwGjwGx1h dGf1pb1p
{pwGs-gnh[hGgi|Cb1hT]gi}#jb4o5jw[px1pwGgnmIpxa}]wG|CsdGf1gih#h[kpbjwGgn|4dGf1ph[kp
b(jwGgi|agihjhGhGgivCb1pxPdG|a|Cb1p-|Iws-|CwGp-djhGx1pyb1gndGgi|Cb1hjb1xY |IwG
{1wG|Cyrnph.jb1x=y1bjrnrioYdGf1pk|CwGwGphG{|Cb1xgnb1v # |4x1pr giht1{1
x(jdGpxjkk|CwGx1gib1vCrio4B }k|Ct1wGh[p.|Cb1pf(jhdG|PsjCp{1wG|mgihGgi|Cb1h
}]|CwhGtkfjTkf(jbvCp-k4jh[p-gibjx1mjb1kp4 hG|.dGf(jddlfp-kf(jb1vCpk4jb
qpk|CwGwGpkdGrio{wG|C{(jvjdGpxgib4dl|dlfpx1gnpwGpb4ds-|xprnh_BPpx1p4jr
#gndGfadGf1phGpjh[{pkdGh#gibas-|CwGpxpdjgnrgnbadGf1p}]|Crirn|5gib1v-hGpkdGgi|Cb1hB
givCMODEL
t1wGp x1p{1gikdGINTERRELATIONS
h dGf1pgib4dGpwGwGprcjdGgi|Cb1h |C}dlfps-|x1prihjb1xx1|4k
t1s-pb4dGhdGf(jdjwGp.{1w[|x1t1kpxex1t1wGgib1vPdGf1p.h[kpb(jwGgn|Ix1wGgimCpbewG|Crnp
pb1vCgib1ppwGgib1v-{1wG|4kphGh^
#dGf1f1pEpPhGo4hGZ[dGHpJ1sO\t1L%SYb1x1.pwS@FIk|CH@Ub1h[kgn|Cx1s-pw_{1jwGdlgigihG|CpbPh.jjb1rnrxt1h[hpjwGvCmCpphh[kjhpb(dGjf1wGpEgi|Cq(hTjhG|Cp }
s-|4x1pr }]|Iw5|Ct1wTj{1{wG|jkfB
H\QTL]WW[L%SIJOIKOU S@Xek|Cb1hGgihGdGhY|I}Yjrnr-{pwGs-gnh[hGgi|Cb1h
#gix1f1pp
b4dGgny1px}%|Cw-jhGo4hGdGpsB gib1kpThGkpb(jwGgi|hGdGp{1hjwGp.jhGh[|C
kgjdGpx.5gidGfRjkkphGh|C{pwjdGgi|Cb1hdGf1p{pwGs-gihGh[gn|Cb1h-jwGpxp
wGgimCpxx1giwGpkdGrnoa}%wG|CsdGf1pThGkpb(jw[gn|Ch_BTpwGs-gnh[hGgi|Cb1hEk|Cb1h[gnh[d
|C} |C{pwjdGgn|Cb((|Cq ]pkd_{(jgnwGh.jb1xf(jGmCpYj-t1b1gitpb(js p
|Cw#gix1pb4dlgiy1pwB
#sTf1t1phGdqSIpJ1pWb1K}%\|COIwGL]kJpKTx}]|COIw(KOI{US@pX-wGs-kgi|ChGb4h[dgn|Cjb1gnbh_hB `cdGbf1pTdGf1kp |Cb}]t1hGwGdGdGwf1jpgibw(dGkh|CdGt1f(wGhGjpd
|C}dGfpE{1wG|kph[hdGf1pEk|Cb1h[dGwjgnb4dk4jdjrn|CvTsjGoqpEpz4dGpb1x1px
#gndGfTk|Cb1h[dlwjgib4dGh(dGf(jdst1h[d(qp pb1}]|Cw[kpxT}]|CwwG|Criph#]#f1gikf
jwGp x1py1b1pxrjdGpwGB | pmCpw_ px1|b|CdwGphGdGwGgikddGfpgib1x
|C} k|CbhGdGwjgibdGhdGf(jdk4jbYqp-x1py1b1pxb|Cwx1|a p-wGptgnwGp
kpwGdjgib=dco4{ph|C}5k|CbhGdGwjgnb4dGhdG|qpx1py1bpx(B#f1pwGp}]|CwGp
dGf1pk|Cb1hGdGwjgib4ddco4{ph5dG|Tqps |4x1pripx=jwGpE|CbrnowGphGdGwGgnkdGpx
q4o dGf1p  h[pwGmgikpdGf(jd gnhj{1{1rignpxdG|gis {rnps-pb4d dlfp
k|Cbkw[pdlp  s-|4x1prE]gB p4BdGf1pk|Cb1h[dlw_jgnb4ddco4{phdlfjd
k4jbaqppb1}]|CwGkpxaq4oYj{(jwGdGgikt1rcjw  =hGpwGm4gikp4lB
#}]|If1wGs ppx 1OIq4WokEpwGHdjgnJb-L]Kt1L]SIhGJpwGWh|Cx1}phGdlkfwGp5giqhGo4phGdGdpjshG4h|IwdGf(q4ojd|CdGjf1wGpp
whG{t1pqwG
]pkdGh.jh.jt1dG|Cb1|Cs-|Ct1h.jvCpb4dGh}]|CwTpz js-{1rip4BamCpw[odjh[
k|CbhGgnh[dGh5|C}|Cb1p|Cw5s |CwGph[kpbjwGgn|Ch#5f1gikf=jwGp{pwG}]|CwGs-px
gibahGt1kkph[hGgi|Cba|Cw5giba{(jwjriripr dG|-wGp4jkfj{(jwGdGgnktrcjw#vC|jrB
#mCf1ppwGo=h[SIgn\b1vCripa\S |CU wGH=W k{1|CwGb1|Ch[y1gnrih[pdgi|Ch} x1]gngnb4dGppwGb1px1b4pdxdjdGhG|-qx1p4p y1b1jgidGkgn|C|Cb1s-h_ B
{1ripdGpx1phGkwGgi{1dGgn|Cb|C}jrirEdjhG4hdlfjdPj.hG{pkgny1k4gnb1x|C}
3.

Permission Catalog

Scenario Model

perm_1 = {operation, object}

perm_2 = {operation, object}

derived from

...

used for
definition

.
.
.

...

perm_n = {operation, object}

refer to

RBAC Model

Constraint Catalog
created in
accordance with

derived from and

composed of

refer to

perm_3 <exclude> perm_9

perm_5 <exclude> perm_12

.
.
.

used for definition

max_cardinality(perm_n) = 4

created in
accordance with

Task Definitions

Work Profiles

Task_1 = Scenario-sequence{S1,S7,S4}
Task_2 = Scenario S3

.
.
.

consist of

Task_n = Scenario-sequence{S21,S14}

 - 

9#6





; 6 ^#J

E 
% B)+G

Profile_1 = {Task_2, ... , Task_7}

Profile_2 = {Task_6, Task_8}

Profile_n = {Task_x, ... , Task_y}

(e

#I< #L^J

4*
 
(6%PB)+GH5A

 T

a#

%6 
( _"
"


'%(ZB
" _)FEuQ:>


%,9.0?2( Ru 
%84
8:";  )u%((
' 

,/.102<
$^(6 "CLW)+G@ OQ*>( R5
79K"
"

 (

4 e

#4# # P U#6 ##4 U^

EO B "CQ>

 !" 
*LE !VB/ 
N  X@
+4
P@4 5?
NJ)+(
9

'K(%GJ

used for
definition

.
.
.

3.2

#I6^ 6L#^#L6#<#64

Traceability: Design for Change

7=FG%4

L (
 1%
"%O

O[
'EF ( %Wu

%
$

" O@ =]

("
=6 " V

(W*
(
Q (4VB
K_GJ%(

# OJVBO 6 V


%#579 O6 " O  
 J
 V(

Y J"(
GH 
# 'GJ
)uGJ%( R45 'B54  (
W(
9("CBG
 (
 / 
%%

: \ ("E  "
# 
  

 H 
= "
# 
 H 
%)+K6  Q 6 
%Q<>( 6J

K4 ( K>
 9 E

J)

$&
'(
(
'"   
%K"GJ
  
1( /)#

B"
>"YBGJ(  


E %

#5PJ66 " V
(
W<
(
QL

W G

6 
'%


GJJ($&
6 "
 65JMN

E

?) 
IZB"
"# 
'?GH 
# '4G
u# 
 V( _@

%>
($&
6 "( K  


6 
"
6 "
 

"" 
%O"  J"


L1# C'B (
O)"# C
' 1(
? CZ"%

#

) "
(
6 OO"GJ
 
V(

W)#GJ%( 
%  $


($&
 


JBGJ(  

 - 
%8"
 6 

L )+G

GJL%( RX5 'B5B

)O 
E 6 C'J "
 (:( %>
%=
"G?E 


)#


VB?   
'
%J_6  Q u 
%JQ?>( u 
%JGH @W?>
# (
W? E(

+E

$&( +6 
 (
(W15



< 
KEB%# %<,/.102GJ%5=4GO] GJ
 9)+= E"Y6 "
 (
  

3.1 Work Profiles vs. Roles

0 *%; "(VB% VBIBGJ

 

  I
4*]L

"(
W3   $

" @%9(Q>( VE" 
VBY@6 C
 

(
WV6 

%
E'@* "
# 
 K   "; %<9( B";
>"*QN$
>
N+ [('EN5Y7=( ( : 
<  
 %
ZB
"*VB

QI>
 * 
%U,/.1028
 6B 

"

U,/.10?2UBG
 (

O%
"@
WN C  
'
%KJ( R5
[EGJ?QK>(  ? 6 
%# 

?%>
(

  
%
# _
%("=
(
Q=Q4>( R5=

"* / C QGH W
VB   ('4
%JG49# 

9Q?>
 
% " "
# 

GH @WVB   ('
%JOGJ9# 

96  Q /
 

W
GH 
W%E
% 
"( I

@Q>
%>
(

 65

79


I 

GJ6 
%
Z
";KV
Q>( H 
%
,/.102( =("C3  6 
'%8(
8


 
"$^(6 "C


%LE W_GJ(

GJ(=%E
%# 
"
 6579)+Q$
>
 " 
<VB*
%  : (
GJ(
# CWN 6 '*4)?,/.102( R5

  RQ>(  ! ('
(>" 
\ 6O % \
%>
(

K)9 /"
"@,/.102<GJL%5
F
F
GB6 
FOGJ
@

J F9

"
(/)B
  F
$

] .@

VB
H "
# 

 6 4
4^ 
VB
BGJ(  (4

% "
# C(B 4 #
&  4C
VB
8 _"
 6 

J 
%I('4(
H)\
"
 6 

L6 4C






l 

 4@

VB
 "
 ( 
% 6  Q + X ^- 4L

VB
Q*>( 
% 
,/.102<

5

)+E
 (W?
\
\VW?) F@O]LB
 
 
%J@
GJ="
 EGJ$


'H-" E 
B  (V
Y@6 " R5I[EGJ#"%(
'


B  (V(6 " C@

 E(%* E
!

N 
*E
GH 
# ' CV(
GJE
)(
)+GH (
B 
%* J"(
(WJ ("

'?
; 

6 " <VBH"
 
%%P

K'

P 
@E (
PE
%PV8 
$
GJ 
GJB  
V
5=79)+?(
)+GH (
H*VB?"%%
#  =VBu" )+E
(W ("% C
%G?E VBu'B 

%

 9O W

9("C*) "(

6 @ /E )@/

)+GH 

*(
* %
$
GJ
"C# 
' (E# 

 65

6# 
"(
A 
%GH 
$

'GJ
!)6 "/

)+GH (4

O 
69
>
%*)X  "N 
%
_WY"GJ
]K6  Q+ )+

 6 
":(\=("CI
VB$

W
%N ";4J)!

* 
"(5O4@(  6BGJ
@

%

uV
G%GH 

H 

"?

uWK
GJ4 
u)+ J$
"

L9# 
%(

'J)#
L

'J"GJ
]*GJL%( 9)9 
Q

% 65


'Y( J%
"(W< E%VLW<Y "
 ($&%

L"  R5


": "86  Q%>
(

8
-   L" %8"

W9
@8
"
 ( 9# =
%KVB_B)+GJ%Y)E(>( / "
>"_'X 
+5 'X5B /VE 

  =)+E
"

#1u" 
%(
':,/.10?2
u" 

4.

A DETAILED PROCESS DESCRIPTION



? "(
<% "(VB*%
Z
Y "
L
( ?)=@

VBO;E
B%K=
KO] "9
EG?VB9)#GJ
 

 9 ? 


$&
'(
(
'/L"  1(
OGJF%6 
5_ " "
L
Wu%>


%%KJB)+G_ "

O6  Q15


K6=
K EV$&L"   
%K( /% "

V%K


K9
K EV "(
5



 

V +"9 
/6 


 @ 9 EV ";/

Q /

4.1 Identify and model usage scenarios


J( ! EV$&"  F 
 

V
=E 6 '9 "
# ( F)+F9 W G

E
%Y"
 
%6 (
-
%
(>%T 
%GJL%(%#5T0=K> 
<(%

>%E 6 '< "
# 
 <% "
V%9( - 

V +"6597=)?K : V

?%(
V " # 
 9%
"(W)+G@_ "
# (4 65

qB6 


#



"5
GJ
H]1 G( Y)O E" % "
(
 Y)+


(

"
 ( /)+G

%(ZB
9%GH 

 /"E
%KVB

^!
 
:] G

G

Object

 E(\

@ ! E%
L\>( O(
H !E

 (W?

)+GH 

WL $
G

^7#6 
 )G
W-)+G



OV# 
Q(
' 

" @


1

Subject


V# C
QU ""E
@ 


Invoke operation 1

2 : _
3# 


"% *

 (6 

)+4GI 

K W GH5

Perform operation 1

Optional: return result 1

Invoke operation 2

* [for each usage scenario]

Identify sensible
system usages

make scenario
step sequence
explicit

9^#

9B6

* [for each scenario]

Assign name
(identifier)

BL#6:4L#6

1 Y

GJ)1uV#  
" @ O )+
(
"(E%;%

*GH 
WJ%
ZB$

(

#4#6^< #L^#<

6#64L

(
"J  "
# 

  EV E
@
WH -  V#  
)+
/%
 

)XGJ
 

 _ 
%J9%>
(

)X6  Q _ 
%
Q>
 6#

  
L #  @ E
"9
@(

 "C "
# 
( K]
("
(WP%>
%T 
%9(
%6=
T+ 
[
'E5Y79)+* " "
 (H( % "(VB%E'A
%6 
(%% "
(
P

PH)+G

Perform operation 2

Optional: return result 2

)O E";E%P@] 
%

" B
%(
'O% '6 G+")5"


H5(4@517#O
%
()+W "
# $

 u 
%J9"; B
%

'O  E
" 6R "E(W
'



W
<   
6 
"Y)%GH (
]B 6
(Q< *)+  6
E%
L  
% 
%G


6 

P "6 W)+4N KE

 (W


)+GH (
I WL GIJ _W 
" 
## _
E # 
% _4 
6 
"
Q)+ / 
6 X(
)+GH (
Y W GH5
Yu
% ;Y)
u "
 (GJ%
(
' EV$&"  = " "
# 
( =6L
%%




u "
# 

 *+5 'B5

^
B %-"E GJ_"% Y

^"C"QI"%(

(
 X@5
   "PBG
 (
P
*'
%P] C"@
W

"(
@*B;G
 (
" 6 ('B5

u6 "GJ

 (

+W
" (
W1  9(

Q 9J 6  "
# 
 + "(
5
GJ(  

 Y" 
PVBH%(ZB
@ %(
V 6 " 
%PV#  ("



BGJ(  

 J+ K
5 5GJ
 

 u
I%
Z
(4( u)
'6 
E (W50V 6 "JBGJ(  

 H+
(Q4

G

*"GJB %<)9V#  

"*G
 (
 :+(
Q

G

^6 
 )JG4
W B

^ % ""E
L I

^9(3 ""E
 BN)4@U V 6 "-BGJ(  


 65

79

"
 ($&V#  % X " 

I
# CV( *%"(
)=B$
GJ(  

 /9(:%(ZB
9'6 
E 
W5\0 /% "
V%:

"(

5
u ": :

"
# 
JGH WVB)+E/"
"(%:VW

 "
# 
B5!79?6 C@

 B)+GJ%I(
I"
"@
%
"
 (K C@(GJ
 )J CV 6 "BG
 (
%>
%


K_GJO'
6 1 "
# 
B5

9(H E

LE9
# GJ9(%

)+W9 "
 (Y 
%J) "(

 C@

4.3

 "CKB;R @


 99
@(
KO "
# C(JGJL%5

Identification of permission constraints

7=K(%
L
>" (
8)"4
 6 

L ( 
:)KGJ J%()$

>"E
  4)9Y
$^
'(


'-"  R5H7=Y>  

4.2 Permission derivation

7=OGJ
 (
K%
 

Y EV$&"  9( 9%("%K(
K[('4$

EO579'B L)" 
%(
' "

L
( ( @(%
(>$
" (4
)BGJ(  

 9
": 
"  6 WuB)+G
E R '= "
# 
 F)= W GH517== E
\)
\ EV$&" 

u@?BGJ(  

H"  C('+ [('4E?B9
"H"
L6 

  

BGJ(  (4
 9# 9_%"%K)+GO "
# 

 65


:%>
9
"WLB ?)"
 6 (
  E
%VBGJ%(%5

79O)X@9GJ !"GGJ
W _ / # 6 C@


)B%E@
 _ 
%
" %

# 
(
 65

6?
*GH WP 
HGJL%QL

% )

"
 6 (
 !(

Q/(GJ$&%B
%
"
 _+5 'B564
(WVB
- 5 GH5

%K5 GH5
GH ](G?EG

]"E

 


P

L J+5 'B5

GH ](G?EG
EG?VBJ)G4
W<6 
 )+B6 


 JB% @W15
79"
 6 

OWLB # Y ZB"(
W-G%
% 

W
 
"%IVWYK,/.102 ("?#  E
%IVE %I*
GJ$

Fetch current
scenario model


GJ
L_" B
%

'"
 6 (
 65
  =
GI W

* [for each scenario step]

VBI 
 (V

I<GJL%"
 6 (
 *
UE'U@ 
(%

,/.102 ("_

+W6 V(_@
)+";_ _"
 @6 C(
 65

Identify associated
access operation
Store
{operation, object}
pair

=^#

J @

'-%;>
%Y
 
"
 @R (
WB K(%
L
$

[access operation identified]

 1

uL6<

>" 

)- C";E F"
 6 (
 " 
VB'

#5
  
"- 

6=
EV$&"  \
\
%%)+F;4W"4
 6 

L\WB65 'B5


1

# P

)+ 6 @

" # 6 (
)%E
 /Du"
 6 

@ R
)+" $
6#14L

)+O@(%
L
>" (
N)! 6 @
" 
(WIGEE# \]L"
E 
BGJ
$

DFE

':BGJ(  

%
 

W- 

'( "
# 
:( ?$

%

# 
(W:";4
 6 

L * 
%H 4
#5/[\('EIO 6= * 
H]1 G(


 D"
 @R (
 65))

 6 
"uJ,/.102NG%B

(%#597(%

)+WKG
 (
 u?6 Q "H "
# 
* 

VB/VE
(%* E
%"
6 (
ND<"
 6 (
 _ 
%*" %

# (
( R


%-"C"CQ:9
"-B6 

U  EV +"*+5 'B5\ E RF
% _


GJ( = EV$&"  =#  =VBu]"E%Y)+_(%
(>" @


 _

)/" %(
 (

W<"
 6 

 65PS!)"E Y 6 =)/ Y"
$

J%>
H 
%N H 

qB6 


#BV +" F# 
O(
NJ$

6 

9(%
L
>" (
: EV$&L"   /GI WE
:(
:# 6 
(VE

GJ(  

" 6 ('B5-[
'E<J

(E 6  I J'
("Y "
# C(U 


K 
'
" L
L "?)G
9 
K E
GJE # EV$^L"  65

B)+GJ"GJ(O( 9 #5[= "CK) _B6 




GJ  R ' LE
""C# 657=?

)+/ 
%I 
% 6= ? EV$

7=9"
 @6 C(
F%>
(


L"  !(
'
6 ( !% J"E(!VB$

+"J%
"%VW C
3 "J WG?VBFKV +"J
J 9


" E HWU'B 


 (
#  < 


%
L
%E# C ""  Y"



'L# 
%< (%5:7=N C9 VB;
 EV +": 
%

B(
"WI 
% GJ
G W%# G
!=


- 
'B 

 $

(4
H#  _ B"
>"E
 _# u
%-VB
)"%H

8 C%%
@


E
"50)+O % #@( 9 V 6 "BGJ(  


?" 
?VB_   
'
%

@K"B6 :B(

"W5GH 
9

# ""E6 "
 "E
% ( %W

 
H 
%%>
%  G?EE# F]"
E 
J:OBGJ( $

 E(9(
K O "E

W*
 Q 65



 R5
   
E# 

 GH @WH""E=%>

$


J)F 
- %%
@

#  V @6 "6BBGJ(  

J
F
FB  (V
9

Fetch permission
catalog

E
% 
%#(u
_@
H 
 (V(@Y(" 
uV(G)+G

[for each permission in catalog]

BGJ(  (
I(@O4(

+
/@O]"E$
Identify mutual
exclusive permissions

Define SSD
constraint

9#6

" 
(GH '

J 9";4
 6 

L9uGGV ) 9# ("E 

4# 6


I+5 'B5"E GJ 6 E
%N
(WIVBH V
< (WIJ"$

(1

# # ^U

#64

2
 6 (
 - :

%
(>%8VW6 
QL

'<%GH (
U]LB

(Q]"E( O@ u%>
: C";"  _"
B(

"W:)

'B 
( 

#5J79 B 
 Y -+ E
%V V(


%
" @JJGJ
 (
 O9
"NG?E _
OVB'

NY
6 GJB 
?GJ(
(GH  
%GH ]
G?EG
EGV#)(
99G?E 1 E
%OB   = ## ("E  ""  1
'L65X0u

B  (V

(W)+"
 6 

L
%
@
>" 


#  "E(W

'

 *=VE
(%U,/.102G%/W
%
@
)+W
"
 @6 C(
 )+G
]LB

" 65=EV E
L
W
(
( 
"
 @6 C(
GJ%=
J>
%'J=
%GI C(
] R
5 'B5L "Q$&VQ 9)+ "Q 
%KV
%K@6 C%(
' WL GI5
7=
% "  )+"
 6 (
%>

(
E
%#6=$
6LVB* / 
E# (
K__'B 

 (
K@ E
 =* 
$


WL%:

)+GH 

K WL G#  u"
 (WY%>
% ""  /"
$
=B(
"W 
%3 %%
" % "E(W< J"=-
I V
Y

E'4(W%>
OO "E(W*E
GJ
L 65
)+E
# 
W

 1


U

U 'I'B 

 @

 @: "E
W J"*B 
(
U

)+
A

^ 
%(



+V H)/ W G

%GJ

( 6  65

66

%GJ

( 6  OE E# 
(WH @'L%NQ
6=
%'J)J"C

$
" 1
 E /)"GJE/ W G

0
#]1 GJ
" 
V(GJ$&%B
%
"
 651MU


#GH @W
VBF

ZB
 
F9]"Eu #"6 

 ""  ('1(
'
6 ;4


[for each exclusion relation]

@ - 4 



K)## ("E 9 E
" 65

 B
%(
'HBGJ(  (
)+G

I 5 GI51@8#5 GH5)+?

  
"5


H E"C8 _ 
E# 

I

u 
 (V
?%>
: _ B;"
"
$
6 


H
# ("E u(: 
%H
u
IBGJ(  

I

'
6 5
GJ(  

 Y" 
VB- 
 YV# C ("-VE(
%

'V
L"CQL Y9
(

 u@ F(  6"
 
\4)BGJ(  

 u 
%I 9)+=GJ
"GJ
]Y
L
( 65!0 J uE
)EG?V:"4GGJ
%I@*%$
>
H"
 6 (
 
P@I
6 *B  (V(H
5A7=
GJ 

# F
9 E
%J> \WO%>
9"
 6 

L !
J9BG
$


J
# C
%J

W? B"
)+W?"4
 6 

L F
J9
9(4
)B
" 
%(
'*"
 6 

" 

VB? 
 
V
WK%>
%H
I
BGJ(  

N
5[G

EO]LB

" @(    @J"
$

6 

GH 
# 'GJ


U'
6 / (
":"
 6 (
 *]LB

$
 (
WJ6 
u"GJ(]
WJ)1@J    WH    
'
%
+
('
"  
%K
K_
GJ
G
6 (4
K(5

4.4

Scenario model refinement

@<


  "
# 
PGJL%# IO C IVE(
H(
3 


8+ 8"(
B5(O

% 
%P)E>
%#5

  
"K
Y" 
%
(
'E( -  
@ ? "
L
( J

(
EV$&L"  6

"E
WVE 
/

L
%



Y_ 

(
'H 
%K%>

(
K)'X 
( 

K=
%_ "E(W

Fetch current
scenario model

B(
"
 =)+ 
 
(_

)+GH 

#579LE =WN uGJ @
W

_""="
6 "= 
 =)+4=@_(%
L
>" (
K) "E(W

* [for each scenario]

B(
"
 9(
K'
6 1 
%K)+9"
 6 

@ 9

K B"
>"5
0
?
GJ4 
?
 E*
@ ?)+G

* [for each step]

E]LB

" (

Find/define similar scenarios

and derive abstract type
(if necessary)

Define concretized-scenario
(if necessary)



 (V(?*
%
()+WK"
 @R (
 
I

%
(%E BGJ(  






IU<
%
L
>" (4
)"
 @6 C(
 I)+I
 +9("C
^"
6 (
?GJ
 

 R@579  
I)+/# ( 4)+(%

:O
O# 
%: GJ"
 6 

@ /GH W

WV 
 (V(W%$

Store new
scenario model

>
%-
-BGJ
 

-(4/ 
%-
u
-

/ 
%
("K 6 \
K# 
%"6 

WLB J)/"
 6 (


GH @WVO%>
%K
KVK

+)+9GJ
 

  
%K( R@5

9#6

0T'L%]1 GJ(- JGEE# F]"(E (BGJ(  (4
 657=



#4#6^ #6 ##

G?EE B]"
E 
uBGJ(  

 =G?E =
VB   
'
%

6 GJJ
H+OE 657=)H ?
J@K9
"N E"P $
GJ(  

<
K   
'
%<GE K E@GH 
" (
WN


?*  6 $
(4
*)%E
 "
 6 

L# 
O 6 "%*?( BG
 (


E'="
 6 


\%>
%
=BGJ(  

I 
%


4^4  " ;9

@(
 " "
# 
u
\(%

)F(u( u"GJ
]K
E'HV% "
VB%HG%6 
(%

E' 
K9
Y EV$& "
# (B5


N
57=J"
 E
";J)@ _
O@ _
KE OG?E 
BGJ(  (4
 65*u(  ? *I( K *

W-GEE# 

A!4 L^+4 F> /"E
/ "
# C(*G%

$

%Y
) (GJ
 9 "
# C( 9]( 59"
%L)+= "CK "$

]"(E (? 

"? "I)G9
 J uBGJ(  

:# C/( GE$

# C(* %%
(4
# + 
GJ( 6 "
# 
 =%>
%579
%#

E# ]"
E 
OI 9
  9
OGJ
 (
K)#O9
5

)+4 "C'E)1 

GJ(  "
# 
 

]1 GJ(
%Y() 

K "E
*I( 9("C<B    IGEE# ]L"
E 


0 
%9)+G# CF(FGH W: ( OVB9 
 
V(/@%>
/O

 G?EE# #]L"
E 
?@*
/#  R GJE /" 
IB$

V 6 "WLB=)+\ = "
# C(_" 
VB=%>
%#510
]$

GJ
 O "
# 
 9# 9% "
VB_O"  94)9
@$

)+G"6 (
""  $& E
" J+ "
# 

 R@57=( GJ 
 # 

%R @9(
'GJ
WJ)+4G

WA 

'(B6 

3GH @WAVE
V +"

# V
VEH(

Y"E
6#9( 


L
V# 
QL

'U 

" $

"G?V(
# 

+ LE
 C C
(" 

#
:
650u

@
 $



#587= : "
 ( N :
8'4EB% 
% Y"G$

(4OO W ( E" u 

E# 

:( @%>
Y 
V @6 C"

GJ
V 6 "=WLB_

9%(4%#L5 'X5L@_WB

BGJ(  (4
P+ -"(4
NB5

# CO 
 @( Y ""   $

GJ
W B5

4

/V# 
Q- ""E
45 'B5X  
0F7?H

^9(%R @

4.5 Definition of tasks and work profiles

Fetch work profiles

and permission catalog


( # EV$&"  "
# 

 # 1
'
" (
W_V

'/'

* [for each work profile]

Create role and assign

permissions

"GV

%:*  QL R5!79 ?6  Q ?
:E %:*%>

Q*>
 q O[('E*

[

Identify junior-roles

[for each role]

Identify (potential)
redundant roles

Define Inheritance
relations

[for each role]

Remove redundant
permissions


* "
("

-)! "
# 
 _9("C-" 
-VB"G$
&4
V

%<@I)G
"GJ
;]-B6 

#579"  $



') %# GH '/
!

- 
*(
 E6 
"/"GJ# 
WI+(
Q
" u C"";
%
6BGH @W)+!(
 6 
"9"
 
F)X@9 "
# ( R
'
/
A% GI '4O4
L6LE / EWY)/ uG

  

#^L6

5

4
X  "
 
 ?)
GJ6  Q 657=$
)+u "QJ>

 +4V*% "(@

)+ ="6 



9#6


"
_]B6L"
 O"   
%K"  9 @WGJ
L65

B 
(
K9
@(
KO'B 

 (4
YE
%9"
 
%6 

#5

% 1
 

Y6  ^
? #6


6

6RV)+49/>
# \,9.0?2H4($&
6 "W" 
VB9%$

E

+E

$&( -+ 

[
'EY5\
K
"(
WO
LQY)+/( /9 OBGJ( $

* [for each scenario]



 /  \ C EV #)BGJ
 

 /   ('4
%? 


  
% _=*BGJ(  


 )
F
  6 W# F
 

' ?# 
 
@50)+*
%
@
>% 
!)= 

5:[H


Associate scenario
with tasks

"GJB Y u EV 9)GJ

 (
 )

* [for each task]

Associate task
with work profiles

' =# 
Y (
 6Lu%>
* 
Y


 C
"_ 

YVB$

 

K

^

>
%69
(GJ

# W($&
6 "W#  FOV9VE(
%#5179$
)+:K
]L 8( :(%

>" (
8)

Fetch scenario model,

permission catalog and
constraint catalog

9^6I B



#6^^#

#

 

 6 #^L

7=9%>

@

J"  !)+F6  Q u 
%JQ?>( F
FVW) 
GJO"GJ
]# 
:" B
%

' EV$&"  /%
"%


[
'E<N E''4;  65N(Q4Y"
 6 

@ RY "
>" 


)+96  Q  
%KQ*>( OE E# C(
W*W%
ZB
L99(



O 
% =  ? (

 65/_ "
5[\(
# 


H "CH(

  (  

## P

 \( %>
%N 

+E
($&
)+4"4 B
%

'

OGJ4O@O%E
%# C
L9BG

 (
 9)+G ":(57=# C



GJ 
 _# uGJ6: 

BGJ(  (
 u# C %
"(W  $

'
%:H u
 
%  
(
(%:)+G


+E

$&( R5

MP

 
>

%# %>
%: F

G

# W(

6 "W5

%
 Y'B 
( 

 I 
%)%( Y(
)GH @

WL @GJ R5

5

79LE =

Y@uGH +4(W*)1"   =(=( =

(6 V(_%>
_@G
'9(*%GH 

*] q5 'B5B = 6 J @4
WB

for each work-profile {

create role and assign permissions
add role to allRoles
}
for each role1 in allRoles {
for each role2 in allRoles {
if {permissions of role1 = permissions of role2} {
add role1 and role2 to potentiallyRedundantRoles
}
if {role1 > role2} {
add role2 to juniorRoles(role1)
}
}
}
for each role in allRoles {
if {juniorRoles(role) exists} {
for each jrole1 in juniorRoles(role) {
for each jrole2 in juniorRoles(role) {
if {jrole1 > jrole2} {
delete jrole2 from juniorRoles(role)
}
}
}
}
for each role in allRoles {
for each jrole in juniorRoles(role) {
role addInheritanceRelationTo jrole
}
role remove redundant permissions
}

+E%'


% _ "6 WK)+J _"E/

)+GI 

I W GH579?GJ 
" (

'

'I# ?( ?I ("?*""'E<)= "
# 

)+ # 
";E 96  Q15

4.6 Derivation of a preliminary role-hierarchy

0=
 6 ')9(Y
'

(
'H"  
E'(
$

)+GH 

-#  OVB
-'B C@%-YVE(
%P > _ 

N)!
,/.10284($&
6 "W5[('EI?%
"; OJ" B
%

'
EV$^L"  6579NQU>( 
%NBG
 (
" 6 $

'P KK 6 

'NB(
 JN%
KK

G

# W
$


6 "W5u[_ "-Q:>
> _" I O4(=

 R GJ*  
GJ( _
 GJI+5 'B5[
L$CS "F.= "Q$S J"
,(CB5

"=Q?>
 \"
 
\)6  Q \9
"I 'B 


"
 ( =)# "
# 
 6LO" 
K%(;"
W*
%
@
)+WN 
BGJ(  


# J
%NVB   
'
%P *# 
"E J(5A,#GJG?VB
# /Y ( %W%
%:BGJ(  

 /#  
%%:
B)+G@_ "
# 
 9(
(4E 9 + "(4
KB5(5
# u# @4u@6 
 )+GJ% 
XQJ>( =(


# OB    OBGJ(  

 OJ
%
()+WHB
L 
(WH%E
%# 


 6579# GJ 
 J K(QL

'N)+J( J9
"B   
]1 "(WPN 6 GJNBG
 (
  K
-KGJNK


 
GJ
 (
 *) ;57= :( - 


 (  %
   

+BG
 (
 )

9#6 

66#
%
%VEGH Q%) C@L
?5HMN%

#^L6


F 

"9(FGH @W? GJ(GJ FVB9 
 (V
9_ @9O  6 

%>

(
 I 
@E'W

# 

O #4 #

6

8(
GJ(
 W($&
6 "W
'L% E"E%$

"  E"C*4( GH @WJVBE

B%=
N %%(

# BBG
$

"  9("C
E
%)+T A E4VLW )+O L

B  (V

(W
# _ "GJGJ

GH5Y0


E

$^4(/)! E"*
 !

#  C( %W



#6 *#^^# :6^

B     6 GJ

^ 4@4
BGJ(  (4
 65
8@K)+EJ"E K):($&
'



'


 ?GJ
 (
 GH @WNVB*Q%<)+G

0 WEGH @W

? #6 #


"%#H@3%;( (
)

# '
6  

>  

)J
$&(6 "WH GJ
$

EGH 
" (
W5[
'EF 9 " B
%

' 
'(G



%>
%\# \4
=)_E( (
\( FGH @W? @FV"4G



? E%"%5 %
(W+ GJ
$ E@GH 
" (
W1%>





 

+E

$&(O)#O65

+E
($&
 /()
/GJ
 

 C u 1 EV /)

J "
J 

$&
5?79E OJ%K
O%>
J GI 

$


O[
$CS J"O
9B9O( /[
$CS J" 
%.= "Q$

" 
(W?
 @

 
 65

"==Q?>
 F? ( %W

S J" OG?EE# C]"(E 

5/EV LE
9JO"GJ
(4

" %O

Y ""%# 
"!=
OF"4
 6 

L1" 6 
'q F[
'E

)@"
 6 

_" 6 ('XF (\

)+GH 

-# _
O
%%N@

B4_"
 @R (
%>
(


 =
%Y
=V_"
 (%%)

%>


 /
J @ 
 V
* "E(WY
'(
 65

%
 

)/Y(
GJ(
# CW<($&
6 "W5N0u % "(VB%

" C
)+?] GJ

*%>
*( 
 K+ -
?(
$



-)+

9(
'K "(
B"
 6 

L  BRWI
GJ$

 J(4E 

WH(
%
%
O( 

P ""% 
"J9(N

B6 
LuY>
 E

(
'
$^(6 "CLW:

H)+E

"
 6 (
O" 6 

'B5I4
GI WHGJ'JK%(ZB


"E _)#O"  R5


H(6 C"
 VW%>
(
'A K
(H9 

#  \@_VGJ
(
%# ;


G

# W
$&(R "W
 E(

')G

?  % "(VB% VB?#  

I@'
6 

"  )G

)/ u%
"% "W"(
"'6 D0O5[G

E

]

"=($&
6 "C( \" 
V=% "
VB%: %E# 
W

W

+E
($&


9)G%(ZB
u E
GJE !

$^
6 "C( R510 ! 6=
J


[
'E!9)+EF  u 9B %E
L
?,/.0?2IGJL%

"G(5 5E
L
 "E
WO
'

 / 
%%GH 

?]$
B 6#%>
OOGJL%   %E# 5

E'D0?  

":I E"E N :)+
8
](V


E'4@u%(" 
%(6 C"
 65)%Eu GJ
"
 @6 C(
 Y-
$&(6 "W8# C YVB-(
@-)+G

)Y

u *)+E@J 8
% NVB:]L"E%8# J6 
 )+GJ

D0?8

L: =5=

"u
   =%("(GJ# "
 "
ZB"%P
8 C
%P- GH 
(" Y)@8,/.102G%
6 
 )+GH (
Y
% =VB_)GJ%VW "E(W
'



%K%GH 

K]LB  
%YGH W*# %(WV EGH %#5

5.

EXPERIENCES: APPLICABILITY AND

LIMITATIONS

) <P"G(%TU"  U E%

; V# C %T


"
 ($&%

:

'



'"  65!7=> /"  O 
V$&V#  %

)+GH (
 WL @G)+!@9GH 
# '4G
F4)B @E$
%
J 
%8 (EG
#";4GGE

@
 69(
? "
%HO  J O B$
" (
%3GJ%
" 

)+GH (4
3 W G)+-GH 
# 'GJ


4.7 RBAC Model definition

7=U(
GJ(
 W($&
6 "WUGJ
 

"  C('


%A"4
 6 

L:" 6 
'8   I(
E:)+:,/.102
GJL%=%>

(
EV$&"  R5N[('E<%(" JY%
)"4 B
%

' "@
(
 65
(
Q<%( (
)
(
GJ(
 W_
$&(6 C"W( # EV$&L"  #G?E #VB!"
$
%E"%IVWY "E
WK
'

 J 
%I" 
I

WYVBK   
% 
%

9)+E
(W EGH %#VW / )+O OL45
0=> J (#( 9
"I?(E (WKGI Q%  
$
 C(
WO%E
%# 
/ L
%#579 "E(W
'

 %"(%
'19(O%GH 

O]LB 19
"O
 u "E# 
(Wu%E
$
%# 
 
%H" 
-VG6%H)GG%\ 
%H9("CH

%

WGJB6 W# :: 6 GJ ""  
'@ - 
%8G?E 
)+OVBOQ=

KOGJL%5


%KL"  

')
"@
("_# C@

;"4% 6579_
%Y"  
E%WO  VQ4;R 'O )+G)+/O"
V6 C@
%
$
GJ
9 
%]L"C# 
')
 


' E" / GJ
'!EB 

1

E

 (
 653,#  " 
%8%
GJ
H "
(
 )+(
 )+G

%$

<"
%E"%(
@ _,/0T "(

9("C
J)+E
%%=


K79$&'6 G

)K!EB 

"GJGJ(  

#5179 /"  / E%
 !6(%%*E !9
@* 
'

>" 



 
'@  VBE? "
 ($&%

I
?
'



'*L"  R

  
(" V(
(W 
%KB  (V(O
(GJ
 C@

 R5
0
J]B"@%-+@E'J
GJB C
L6B>
%(
'( !# F
9"E(%
# %(W? "CI !"GJ
= "
# C(O"6 '=4)\ ! WL @GH51$

   R Gu
% )O+ )+O  

'?)1

$&( 
W GJ = J"GJ
;Y@ "  Y";66 '4)99


W Gq

"
E%

'NLE
GJ
@ R% ('
"GJB

 6"5


H
 
WA(GJB  
V
A+ 5 'B5

*5

6_)+G

EK]B(
" :N" 
6 WU#  IE'(WP"
%E"%

Fetch current
role-hierarchies and
constraint catalog

"
 ($&%

(
'



':L"  = "E
W-;
$
'

 /(
6 "99(:%GH (
:]LB /( % 9JGJ( 

'$

Remove redundant
roles

Identify and define

role constraints
(if necessary)

Merge different
role-hierarchies

Insert new roles

into role-hierachy

E( 6596u%>

@

Y) 9"
";;*,9.0?2GJL%B

L"  99( uLE'O # )# " 1
GJ
L R5F4W*4'B $


 (
#   9%( (
" "E
WJB
("WJ ( 6 
(%@
B"
>"u
%  
%%E
 )u" 
%(
''B 

 (
5

[role modeling completed]

[role model incomplete]

!

- (1

9#6I 

T-

"#

#64

4 %

< #L # ## 

L
9
B(
(
8(GJ::"
 6 

J" 6 
'"
L6 




W"
 6 

 !
*(
%((%E# BG
 (
 _+ "

B5
5

79)+(
Q-# Y "
# 

$&%(4


'(


'
"  " 
VB '%GJ 
 @?VE
(%N "E# \,/.10?2-GJL%( R5
2 
' # GH WJL""E=

P "
# 
 O u(
"$
6 %-+5 'B5R()@/ W G( ]@
%%9(*
8)+E
"(
 (
W1
" 
VB

@'46 @% @6 C(')+O %
WY+")5"

I579=

"
 (
- C%%%8: "
# 
G%F
BGJ(  



%J"
 6 

L u 9%
%H+()X
"  6 W6= "
# 
_
u  $

'
%<I
*?G*6  QL : 
%<QN>
 6 C
%<>
# 
(W
O" 
'  O# 'B %K

LJ,/.102<G%5
0
<(GJB6 
L<>
%

'O  <@8 E(6 V
(
W)"
$

0 J _
]/ I";4
 6 

L 
I
 J ?%>
;%50 J C( %W

6 

 )+VBIBGJ(  

  
%I
 J 
%I?
%H*]L$

%
"E  %-

U"

-B5

%
(>" 

-)!"
 6 

L _


("
(W?G% "C4) =WB 65.)+? 
(%E $

="G(]6  Q# !" 

!VB/B)+GJ%*=

E/

E

B "CK)+9O> =

GJOOO
9 E VBE9


%K)+%V# "Q)+G%GI 

K] R5

B(


"  9%
Z
"
 6 

#" '


P G
^VB 

0 )+%>

(4
)9G
 (
"
 6 (
 

A

E
%_VBFGJL%
%#5MN\>
 (
W"C FF 6 
'L)+ %_O W

)J
$&
'

(
'KL"  Y@6"@

B5
@G?E O> 

JGJL% B"@

O"
 6 (
   / 
  C(1
"  R W

%"
%9
"W )/"
 6 

@ E
%VBGJ%(%+5 'B5



)+GH (4

 
 CV(510 F% "
VB%


\# B\VBI 

(GJ$&%B
%
"
 6" %(
 (
( "5
50u)+O % )+ "

%


"O 
%(GJB6 
O "((
 @ O J =
6 B# )

"
 @6 C(
FW C
J9
J EV$^L"  F

F 6 %JO
%
()+W


O
'(
(
'JL"  q "(
KB5
J 
%"(4
YX5(5

"E# "
 6 

L /+5 'B5GJ(

G?EGE #" %(
# 

WO)#



MN=)+E
%# \(
=GH +

W?)"   \

\
\B  
V
=@

"= 
4
 )# #"4G(]_ W G(
K  

'(($&
6 "W


?E %  (
EI%
*N ""  ?
'L ? W65N,"Q(

6 -)+
P# H- 
@E @

#  
,9.0?2GJL%

 5%6 @3

GB6 
"
"
E 

## ,/.102(  

"GJ
 _ 6  GI C(
6 "C( _9(U 6]L
GH (W:

"
 
WO %u"+VE (
  6)+E
"

 R C
%# 


#
  #
 9 
%K + GI 

EGV#)  
%# 

( #($


'



'
 
) E
%?)+#@uVE (
  #$


6 "( u"4
 
(
')F

WKu
 65/$

"   u EB%HVLWK" B
%

'(
)GI C@

H W GH5

  u
;$&
6 "C(  (# E
@%H*G6?%E
%# 
";


66W-% ";(VB"  ?)

>
%(
':4
(W-

)+G


,/.102PGJL%u 
%<@E GH Q- '%"
L

VE


U 
(GJ6%GH 

L6 

# V

(W C
%"GJ
 

V(

W5N

J) 9_)+E
%Y# 9  W GJ 9)+
K
%YJVB_%("%

VW 6 6 =# 
K
_
6 "W5 6=)+GE=]L$

uGJ6 u(= 
%:%J
9'

@% C(= V4E/@O%( (

)XGJ
 (
 RR@   ('
G
F)XBG
 (
 FO( !F
%>
(

K)#($&
6 "C( /="
 6 (
 65


1! (

% 
%E:% "(VBY uGJL%1)/@
'($

B(
" !/" 

!"GJ

@
WI '=
-
=("C 6 



')_
$&GJ
 

  
'
GJ
 *9
"PVE
(% EB

# "
")

$^(6 "C
 E E (
W-@6 
   

W

,/.102=GJL%U
5

V# %
W*

6 "@
"  
(" 

#5



#  W ?VB
<4( K C
%<BG
 (
 ?I%
L
%*
$

S!E>
# CXGH Q  _'6 
E 

W4)1_BG
$

7=W(
%E" %%
$

BGJ(  

U   
'
GJ
L_

Y GH 
( 
%NV_GH 
# '4 V(



 =("CN uGJL%
%(


'(
(
'"   
%

 R5!79
 @W4 ?6  Q 6Q# 
 J 
%

O    
'
%KJ
 65#0u 9GJ
L

%K

"(
:B5(


J B " O6  QK 
  _ B"(>"?
"?)\Q<

"
 ($&V#  %T B "CGH W 

) "
(
6 NN%"@


#Y 
%( <   " %=

P-BGJ(  (4
 Y@  -$

+V 65


%-GJL%


')_ V @R " 
%-V#  
"BGJ(  

 65u0
@E'

E
%HB)+G

*%(%

"E
K 
WN"
"% J"E

( 9
@ 
$

)\6  QL R5_ "I6  QYE  
@  _ B"(>"? I9(

( #5I0Q# 
( I J E
"

G?E
6 
E G%
(
'- 
%   ('
GJ
/)/ V 6 " 
%:V#  ("

Q# 
#5YCV * JGH B%-KQ# 
 65796  Q

BGJ(  (4
 ! /
!"GJ(

W E V4E!/

'$&@G

HQ# 
 @



: GI 
W$^$&GH 
WN (4
##=


G(
" (
 )F E"C _ ;5=MN?)+4? E'' *GJL%

KQL @


VBNQ

% )GJ
 

 VEO   
'

(WU V 6 "$

0(
u"GJB %-)!
uGJ

GJ(  

 9J( RL
)#  
V
5


?
$&GJ
 

K   
'
GJ


WO B "?% 69$

+V (
( H *GH 
LW$&@4$^
$^ (
5

+V R5J6(
")+L"E _

6L
='(
% C(";4
 6 

L ? 
%4($&
6 "

ZB"!
$^BGJ(  

N   
'
GJ
!"  O 
%*(" R

6. RELATED WORK


H(26WL
= (W?% "

V u V#  (" B "C \"E
%

VBHE %P(%
L
)+W3,/.102
 65A
P  
"H E'' 

3"
("%
ZB
LE A "(
( 
%T% "(VBPG

V#4V +"# 
 65I79 < "((
 GI W
VB"
E %
P%>
" 
%(%# C@
 65

" %
$

9 =# C=W* (
'

* C"@
(W*)O
_
'



'J$
"    /9
O
% 9JVO)+E@= VB6 %#5

D!E
(" " 
%(%# C@
 8 

%
%#LOGH (


'J
  _E
B%Y9
@KOGJ(

GH 
B  (V
_ =)#GJ
 (
 R5
K_
]= Y"
 6 (
 ? 

7.

CONCLUSION AND FUTURE WORK

7=/ "
# 

$^%(
(
'



'?"  EB 

%>
(

<) "
",9.0?2GJL%O 
%<(% K %# $

%>
%YVB)+O
$&(6 C"
 9" 
KVB_VE(
%#5
[
# 
%I 
%

+5 'B5X)+GEE# !]";

E (*BG
 (
 61GH ](GEG

# 

@
 /%>
%:
KBGJ(  

 65;
  / B "

J 9QL

 O E'4' _K%GJ(

J('

V

(WI)F E
(
'GJL%( _E'- 6 (')+O %

)+GE O"   (5
K

 B " E
 (
 O%$

 'B (
)"# 
' -(
 

: ZB"%GJL%
65


%H)+G"
%
@

 uGJ%
%H)+ _E "  5/7=W

"E )1uL"   =BGJ(  


"L C 
'BX ="4
 6 

L" $

3

B - ?JU WLBJK]
%E J"  J% "






'U 
%%>

(4
 )Q<>
 I KL%E"%#5N79 

9( %%(

#  "E(WE
G
 6579 I "E
W$

GJL%( R%L"EG
    I)+E
%# (4
U)+*I%>


$

E(GJ
 O 
* "

>%*9
@(
@]LE# B% "
(



)_,/.102YGJL%L=
"?"
 ( @ #)G
 (
 R( R

)# \E "  _+E E# 

(WO%>
%?

K \E "  !GJ VLWO=
$

4



'Y 
- %%(

# "GJGJ;
!GH Q%*=
@*/QW%


$&(6 "C
  
%K"
 @6 C(
 65

^ "E$

7=_ "
# C(J"
"=

9)#";
6  
'

>" 
"O)+9E? $


W +5 'B5C

OF$1B @"
%(

O (65X79FBGJ(  



B "C#5!0 "
# 

" 
:VB 
 /"
("

:)BGJ(  



\ B"
>"O "9+

% "L C
?
?VB%GJ

%?)+G3

#  CY 

%:

_# 
";E %/* " u%>
%

E F"   ( 9 "@41# C@

"
#  

#5X79_ B "C% 66=$

+E R'B 51
%\_)G

6
#% "
V9
K 
%?"
 6 (
 / 

";
%#


G?E =@)+_9
< (BG

 (
 =# ? _
%%Y"GJ$

% 9
=% 1=
K_%>

@

K)#
$^(6 "C
 65


WN (
'4( )9
# 
"E  "
# 
B5S!
"


-
! 

- 
%- 
%EJ 
u 
N B "C@] 

!"6 

"
# 
B ! EV +"

"
 (GJL%

!VE
(!"# 
' !@ F

"/)+E
";

# 
(W

J%(ZB
_ @ O)O 
P,/.102UG%\9

@N%(ZB
_JJ

)1u WL @G" 
VBu

"B6 % 6 
'@)O %
W51
E

% '6 GJ 65S
H 
J]1 GJ

9)+G9 
@" 9%GH (
W

GJL% E"C< " 
'_"  _

9"# R "@
%K@E'K@_%>$

6JYGH WOVBO C(

%

?(
"

u%"EGJ
L


(
) !
E 6 '4 "
# 
B517==
 "
# 
u
/ %%%


,/.102GJ%5Y
  @W-%I
? 
K (

/ "
# 

G%R
8BGJ
 

 _ 
%"
 6 (
 _ 9%$


'



'"  !!)+6 GJQ1 
%%)+/
!% 


%+
)#
";  6 W1O "
# 
J
   
'
%K
O/G

9(OF%>

(
OL"  14)L"
 6 (
 
%O
$&(6 "C


6  Q * 
%-Q:4>( R\ 
%->
# 

(WI"C# 
' * # C$

9O%( (
:)BGJ

 

 R5

'B %

L,9.0?2NGJ%57=u%
(
) 9 "
# 
# 

,#"CQL
9 5 E'' u !L"  $&(
%H B "CJ)+\(

O OZB"65

>
%(
'A(C57=W 
L@I]


" W'B %

7=\%>
%OL"  16L

% # W GH ("u B "O9(

)+G O"   E%W:"
%E"%8 

G
 65/7=WK%


'E



'



'Y 
%#  O 
 %W6

 _ (
" V
(
W

 GJ

F%(ZB
1 W 6!"  1 W6@F

F @W= 
%O

"  Y E%

 65H
   "
@

E(
'H8 (W<@

""  \
'  @W46509> =VE 

  L"   \)"$

"  u(
I 
(" 

  *]
%IEQL
6=
%'

 B
%(
'*'B 


 (
GJ%(%+"   W65!79

)

'4(


' 
%u)+E(GJ6@"  %>

$


" 
%
%#  / (%
L
>%?)G3@ "  % "






#579( ? 


"
E% =u%@"

Y)1'B  

_"E



%H'4( %-(
8 O

" 6 
'+( @W46@57=4( @W

"  %>
(

#5K[?

 6 
"(
 "
# 
$&%

$

FE

D_5 [/5[R (

BL5 [/51. Q(W1 
%Du5
,/5 OE
#50

Role
Engineering

,
$.=  %K0""  2
JL% 
%,)+
"

Access Control
Policy Definition

Implement
RBAC Model

&

G.

44&+4u4 @ 4CL^+4H4 R^C+

L[VE# WN5

 "

9#6I 

G(GJ
 C@

K9(

J2B6 O
@6 C
65

Technology
Selection

 

HE

D_5 [/54[6 (

BX,/5X 
%E#X5XO L
 4XDu5
,95 OE
#X 
%
,/52## 
%6 GJE(5 XB %K7T6 
%# C%Y)

*^I##L6^#4 L

B "C
( ?% J"E(?@I%" W G


 T

,
$.=  %K0""  2
5



L

 ("BGJ(  



 
%-( RF# u%Y
u E

u)+4G W GH * V @R "
)+E
"@

# 

W_VE)+4G" 
?"

'W5[#;]1 GJ
()
"6 

 WL G)+E
"


#(GJ
GJ
L%?E'?V$&V#  %

c

-,

  

:+
KJ

\ L

.I/2/1/.@&C4^+L4
/! +C+ )6L. M/N9

 
T
QP S R  P

4 4
1B5

 

-,

E
GJ
L 96 " V

(W*V(GH5L

F +&

E5EGH 

#5L0""  ="4
L 
%Y   


YGH 
# 'GJ



K 7=7 H
L

GJ
65 .I/2/2/O@
. &C 4 X&+




 

   
% 
(" V

(W5

 

L 
LE W[VE# WB5

[EGJ9[
'EO E''  F# F
=
'(


'O
F)

u54 "V 
#5


C+^ 
0%%( 
$&MN 
W5


G(GJ
 C@

-)_ ""  _"
( R5u7=)+4(
 $
(4
 J)uK
K
'



'N"  - 
%8( "
L]J
%

\ 4
4 4 4
!4 4 ! 4&4 15

SO5 
%K0J5[(
Q( (
#50

# 

WL ( /)



'O"
>'E6 

J>
 !F "( R517=)+9/)+EF>


"E 
(WO
 #)# \ '#"  #)+#%>


(
: 
%

:+

GJ%)#
5L

%%


# BGJ(  

 1
%O9VB\%>
%O)+1F" B
%$

%? VB6 !

'

(
'L"  #]L
%?
 #"GJ$

&

44&+4u4
LBL0uE'E B5

 4C4^4I4 R&

295 
%K0J5. C(%9(
5L7#6O %  /GJO"GJ




" E (
'N2== "( u

L
# #V$^ )+E
"

 6

 
1 

/!

FT

H5L Q J5 7?51.1E 
%L5(H529 

51"
# 

GH 
# '4;GJ
6#0
K(
%( "((

# WN CB "C#5

"W"(?GJ%#)+J+
$^V# C %# ""  u"
@
65=! B" 

WY

! +& ! +C+
L4C4 X@15

295 

6145L[\ (Q11 
% J5 O5Lu'EW
#5
&+

GH 

'O)F 
H V 6 "6\ ""  F"
B
("W
H "
"
,/.102GJ% 
%8K  G
   
( 

8=
3 * B"(>"

UJ
FE

V
 
'(
 : 
"Y 
,/.102P L
"# 


E(%<I(GJ
GJ
LK 
_  " ?)? "6 

""  ?"

B(
"WN+5 'B5L # 6 

K)#%E( R
 
K
GB6 
= EV +"65
1
QW:E
GJ
L _
'(


'Y"  R" 

FE

6L
%YE 6"  'E
%# 
"Y) "E
W<
'(
 6Q
6 "Q:)F"C# 
'

'GJL%( * 
%HGJ(
%H "E(W:
'


VBE!E
)+E
!6  Q 65MN C/"E

W%


'? E"C-
L4)+9O EB9)# "E
W*
'(
 65

)( 
*  I (
+ -,   .0/1/2/
43  5.


7638. 9
:+ -,  
;    @c

Ic < ] =
/ >
 ;  & A@@ @ 
< ?> 
+ ?,  
;    @c

C
+ -,  BDC
#
-I

6 1T 9

+ ?,  T ;  [ 
@c

8.
REFERENCES
5.1L"C#L54 "V 
#1 
%451,#EG?V# E'5'&

4  
:4+
4   \J!+4 50%%

$^MN (WX5

L5(H529 (5L[
O  
 9)+9 "
# 
$&V#  %K% ('4
#5


\ 4

=4 /

4 4I R&
+

u_5(L52#W
51,#
O
'

(
'B5L

L+ @&C4&+44
 15

\ 4
4 4 F4 4  4&4 5
4
L5(H529 (+%#5(5 
4C+ 4 u
! ++4+

4
4
 L4 J+H 6&

 645
u  X 51C
KMP
(W 
X5F (

%,/51 
%E#5L7#6O % 903J.  %

0B "KH,(O!
'

(
'B5L

F 4
4&4 5

4 4 F4 4 
4
X5F (

%,/51 
%E#5L!
'



'J)
,
 GJ(  

K0  
'
GJ
 65L

=4 1L X&OC+
D!"G?VBB5

\ 4

X 4&+4

4 

u_5(.=5L[
# 
% 
%L5(295 J =Q

 65D!G



'J


'@ 9)GE _" C  65

4

F4

4



 \ 4
4^4 45

4  4

 a XW V

)644+&+49

4@

Q&

Y@

51C
KMP(
W

KJ
J

5 O
LWB J 
%Y5GJGJ(

(5 F +^
! +C+
_4
 4  51C
KMP
(W

T

@
 R5

&

5LEGH 


%I56@GV"CQ51DF ('

%




/D[

G(GJ
 C@

K)9 [
]L
V
*,/.0?2#$6L
"O(


+

SV +"$CS(
%"
(
'J= 
'E# C'5L

79)+NGH 
WU
GJ
L :)?NL"  K" 

KVBP E@$
EOB

L

 

4 ^O 
4
 645

)F

'



'%B
% _ 
'

>" 
@
W:
HEGH 
H) " R5

)9L
TL EB?
" C(

WN 
 
V( (
"N J@" 

#

,/.102 ("Y O

L @

'>
% /)+9)+E@EOQ15\7=$
)+u%>
(

) 9"
('4WJ 
"@

"  # 
$

+C+

<VI)+E*(
 @
'B %U% 
'
Y"GJ
 
:
()$

GH %P+Y OGJ O# C@ 

(W154@(  O)G

 
G 65 -9 
\> 

Y@

4 @4

4+4^4_C+

uM5 u5 W5
& K 44 4O  4
^44^+4 5C4
KMU

W 6
 61B5

9

 

?,

@ \ u 4

X&O4
LuG?VBB5

&

&+

.=5,/ GJ  
%H54 Q45L7#O %K)+
"_GJ%

9)+

 

E
GJ
L 96 " V

(WL5

.0/1/2/ &

44&+4uL
 4 ! +C+ 1@14 
E# WNCB5


5,VB@ 

%451,#4V 4
#5 :4&C+  4

! +&
 5L0%%( 4
$^M (W15



UJ

J51,L"CQL
5"C(GJ) 
%,/5LMN
%

'65
X"  $&

L% B "K)+9
$^>
%

'J@


GJ(GJ
9($&V#  %K "E
W %GJ(

6 

K(

+

'O(
%E  'X 
( 


#5L

   @c

FE

-,

 T

\ 4
4 4 F4 4  4^4 X5
4

295,
 
%#O51  
%,/5 O 5L!]LB

"O=


'B C($& "
# 

J"E


'J(
KE
G
 9
'



'B5

-,

  .0/1/2/.
 #
/ 
) 6M/N9

\ 4
^4&+44 R 4+4
45
! +& ! +C+

,/5
5 
%E#L_5(L52#W
 5 =5L[(
 (
#1 
%295 _5

UJ

]FEGH 
#5,
$&V#  % ""  /"
L1G%
65 .0/2/1/

#

4 ^ L[VE# W5

u79O _,/0.Q6 ' B )+G

%$

#(4=9?5 ( $^E
( R 5 'B5

GJ# '5

u0J5 
K= GJ %51B 

$CS!

@%,E
G


:+
KJ

!
'



'B0E(%%7#E654

 #

.^C4&+44 R
/! +C+ )6 M/N9

 

?,

  _^ `.I/2/1/

  / 4

4+4 ! +@&
L0E'4E B5