Dynamic and Temporal Control of Role Based Access for On-Demand Role Assignment

Abstract

The computer systems security, role-based access control (RBAC) is an approach to control user access to a system. It is used by a majority of enterprises. Within an organization, roles are created based on various job functions. The permissions to achieve certain operations are assigned to specific roles. Members or staffs are assigned particular roles, and through these role assignments they acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role/s, management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this streamlines common operations, such as adding a user, or changing a user's department. Depend on the organizational structure; user’s roles are different from each other. In generally high level users (supervisors) having more privilege roles than lower level users (subordinates). In practice some time supervisors are willing to temporary grant their role/s to subordinates to performed particular tasks due to unavailability of the supervisor. Those are unplanned requirements of an organization. In the event the supervisor is not available and has to transfer his user account information like username & password, this may lead to the subordinate getting all permission which belonged to the Supervisor instead of getting one or more particular permission/s. This may lead to the probability of misusing of authorities given to him. As a result the accountability of the incident is blamed on the Supervisor. Another opening of giving the password /username would be him/her getting an impression of the pattern of the Supervisors password /username and also forgetting to reset supervisors’ password by Supervisor, will allowing to access the system without supervisor awareness. This research focuses on developing a system to facilitate non-administrative top level users to temporarily assign access permission to their subordinates to perform particular tasks for a limited period of time with control of administrator predefined rules. Assignment of roles for a specific period of time by a supervisor to the subordinates would be a valuable facility for most systems.