Task-constrained RBAC model and its Privilege Redundancy Analysis

RBAC supports the principle of least privilege by the appropriate combination of roles assigned to users. However, the minimum role set is hard to find. Role hierarchy and inheritance can result in aggregating lots of permissions. To solve this problem, a task-constrained RBAC model is proposed in this paper, which presents four task-constraint rules to restrict the permission inheritance and role activation. An approach to calculate the redundancy of permissions is represented also, which can be used to compare the different opinion on whether single role activation can get less privilege or multiple role activation can.