What's wrong with the ANSI RBAC standard? Part 3 - what happens when you remove an inheritance relationship?
By jeff.shukis on Aug 15, 2008
The ANSI standard for RBAC (ANSI 359-2004) includes role hierarchies as an optional feature. The model of role hierarchies it defines is simple, easy to understand, and generally good stuff. It does have a few problems, one of which I think should be addressed: when an inheritance relation between two roles in a role hierarchy is removed, the specification doesn't say what should happen. It should. There are two possible behaviors in theory. In a world where workflow, approval, and attestation are important - our world - there is really only one good behavior.