CONUGA: Constrained user-group assignment

Gail-Joon Ahn, Kwangjo Kim

Research output: Contribution to journalArticle

Abstract

In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control.

Original languageEnglish (US)
Pages (from-to)87-100
Number of pages14
JournalJournal of Network and Computer Applications
Volume24
Issue number2
DOIs
StatePublished - Apr 2001
Externally publishedYes

Fingerprint

Access control

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

CONUGA : Constrained user-group assignment. / Ahn, Gail-Joon; Kim, Kwangjo.

In: Journal of Network and Computer Applications, Vol. 24, No. 2, 04.2001, p. 87-100.

Research output: Contribution to journalArticle

@article{3a298b96299242628336aabd2663cba9,
title = "CONUGA: Constrained user-group assignment",
abstract = "In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control.",
author = "Gail-Joon Ahn and Kwangjo Kim",
year = "2001",
month = "4",
doi = "10.1006/jnca.2000.0125",
language = "English (US)",
volume = "24",
pages = "87--100",
journal = "Journal of Network and Computer Applications",
issn = "1084-8045",
publisher = "Academic Press Inc.",
number = "2",

}

TY - JOUR

T1 - CONUGA

T2 - Constrained user-group assignment

AU - Ahn, Gail-Joon

AU - Kim, Kwangjo

PY - 2001/4

Y1 - 2001/4

N2 - In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control.

AB - In role-based access control (RBAC), permissions are associated with roles and users are made members of appropriate roles, thereby acquiring the roles' permissions. The principal motivation behind RBAC is to simplify administration. In this paper, we investigate one aspect of RBAC administration concerning assignment of users to roles. We introduce a constrained user-role assignment model, called CONUGA (CONstrained User-Group Assignment) and describe its implementation in the Windows NT system. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups in Windows NT. Each user within a group inherits the rights associated with that group. We demonstrate how to extend the Windows NT group mechanism supporting our model that is useful in managing group-based access control.

UR - http://www.scopus.com/inward/record.url?scp=0035323515&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0035323515&partnerID=8YFLogxK

U2 - 10.1006/jnca.2000.0125

DO - 10.1006/jnca.2000.0125

M3 - Article

AN - SCOPUS:0035323515

VL - 24

SP - 87

EP - 100

JO - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

SN - 1084-8045

IS - 2

ER -