This paper describes a structured approach to managing Role-permission relationships for implementing RBAC in large decentralized organizations. The paper begins by outlining the rationale behind this design followed by the description of its two main features. We show how the use of logical objectives (as opposed to physical objects) as targets of permissions can improve ease of use and accuracy of the administration process. We also describe a mechanism for viewing role-permission relationships in the context of organizational structures, which provides an opportunity for bringing about qualitative improvement in RABC implementation. We conclude by summing up the scope and limitations of our approach.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	2	D. F. Ferrailo, Janet A. Cugini, D. Richard Kuhn, "Role- Based Access Control (RBAC): Features and Motiviations". In Proc. Annual Security Applications Conference. IEEE Computer Society Press, 1995.
	3	John Barkley, Anthony Cincotta, David Ferraiolo, Serban Gavrilla, and Richard Kuhn. "Role based access control for the World Wide Web". Technical report, National Institute of Standards and Technology, 1997.
	4	Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
	5	Ravi Sandhu , Venkata Bhamidipati , Edward Coyne , Srinivas Ganta , Charles Youman, The ARBAC97 model for role-based administration of roles: preliminary description and outline, Proceedings of the second ACM workshop on Role-based access control, p.41-50, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266752]
	6	Ravi Sandhu. "Role-Based Access Control Models". Advances in Computers, V46. Academic Press 1998
	7	C. L. Smith, Sr., E. J. Coyne, C. E. Youman, Srinivas Ganta. "A Marketing Survey of Civil Federal Government Organisations to Determine the Need for a Role-Based Access Control (RBAC) Security Product". NIST small business innovation research (SBIR) Phase 2 July 1996.
	8	Ravi Sandhu , David Ferraiolo , Richard Kuhn, The NIST model for role-based access control: towards a unified standard, Proceedings of the fifth ACM workshop on Role-based access control, p.47-63, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344301]
	9	John Barkley , Anthony Cincotta, Managing role/permission relationships using object access types, Proceedings of the third ACM workshop on Role-based access control, p.73-80, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286901]
	10	Ravi Sandhu , Joon S. Park, Decentralized user-role assignment for Web-based intranets, Proceedings of the third ACM workshop on Role-based access control, p.1-12, October 22-23, 1998, Fairfax, Virginia, United States  [doi>10.1145/286884.286887]
	11	John Linn , Magnus Nyström, Attribute certification: an enabling technology for delegation and role-based controls in distributed environments, Proceedings of the fourth ACM workshop on Role-based access control, p.121-130, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319183]
	12	Virgil Gligor, Characteristics of role-based access control, Proceedings of the first ACM Workshop on Role-based access control, p.10-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States  [doi>10.1145/270152.270169]