An organizational structure-based administration model for decentralized access control

We propose an effective administration model using organizational structure for a decentralized role-based access control environment. Access control administration is a critical issue for large organizations and information systems. A large organization needs decentralized access control by multiple security officers because it has many users and information objects, and a single security officer cannot do all the work. If an organization has multiple security officers, managing them is another important security task. The task includes defining the authority scope and keeping the administrative operations of each security officer legal. Access control administration means controlling security officers' administrative work. ARBAC is a typical model for access control administration. ARBAC defines authority scope using the role hierarchy, and it leads many shortcomings. Our proposed model uses the organizational structure as a basis for defining authority scope and keeping administrative operations legal. The proposed model overcomes the shortcomings of ARBAC, and offers a clear rationale for access control administration.