2. Role Based Access Control
RBAC is an efficient and safe role-based access control model (Ahn & Hu, 2007). Began in 1970s with multi-user and multi-application, and has rapidly evolved in the last three decades as a technology for applying a high level security in large-scale systems. The pivotal idea behind RBAC model is that permissions are associated with roles, and users are administratively assigned to proper roles. This mechanism ensures that only authorized users can perform some functions on some data/resources (Ferraiolo & Kuhn, 2009). Figure 1 shows that users are not directly mapped into permissions of accessing some resources, but to specific roles which have to be previously assigned to those permissions.
The concept of RBAC security policy