Library Open Repository
Partial Access Control Permissions and Rights
de la Motte, L and Hartnett, J (2005) Partial Access Control Permissions and Rights. In: of no conference. (Unpublished)
PartACPerms&Rig...pdf | Download (129kB)
Available under University of Tasmania Standard License.
In order to satisfy the Principle of Least Privilege in large enterprises which employ Role Based Access Control systems a large number of roles must be defined. Role management can become a demanding and complex task in such situations. This paper introduces the concepts of Partial Access Control Permissions (Partial Permissions) and Partial Access Control Rights (Partial Rights) which enable the number of roles to be reduced and role management burdens to be eased. Partial permissions are linked permissions which are applied simultaneously to two or more roles. The rights defined in a partial permission only become active when an access request triggers a sufficient number of linked partial permissions. Partial permissions enable permissions to be given to any combination of roles. For example, if a hospital patient is attended by clinicians with a "treating team" role and the hospital has a "doctor" role, a partial permission applied to the two roles is only triggered during an access request from a doctor who is on the treating team. Similarly, a Full Right is triggered when a complete set of Partial Rights are activated. Partial rights provide a means for incorporating consent and authorisation into the access control system, as well as facilitating the application of general access control rules to groups of associated roles.
|Item Type:||Conference or Workshop Item (Paper)|
|Keywords:||Access Control, Role Management, Access Rights, Privacy, Medical Records|
|Date Deposited:||15 Dec 2005|
|Last Modified:||18 Nov 2014 03:10|
|Item Statistics:||View statistics for this item|
Repository Staff Only (login required)
|Item Control Page|