Date: 6/28/2018
Table of Contents
Introduction
Literature Research
Team Collaboration
Analysis
RBAC Model
Collaboration
Constraints
Conclusion
Recommendation
References
ROLE-BASED ACCESS CONTROL (RBAC)
Introduction
Access to information is a vital element in any organization to ensure its growth and
productivity. In a distributed working environment, access control among different users is the
primary focus of the security management team, and the role-based model can resolve this
issue. Role-based access control is applied to the different individuals who
need to access the system, and authorization to access objects is granted according to a
specific role. Under the RBAC model, individuals in an organization are able to obtain any
authorization that corresponds to their roles. The capability of the RBAC model to simplify
authorization and security management in a distributed workflow has created research
interest among scholars and governmental and non-governmental organizations. The Role-Based
Access Model has done much in ensuring that users within an organization attend to their
From the late 1960s, research firms have suggested various information access control
models, including discretionary, mandatory, and role-based, among others (Sandhu, 2015). These
models are used in different applications to govern data access. Nonetheless, few of these
models address governing data access in a collaborative teamwork workflow. Despite
the ability of RBAC authorizing users to access only the information they are permitted to access
environment. Therefore, this paper discusses how the role-based access control framework can
framework.
Literature Research
An access control model is a necessity for improving information security. Besides, an access
control model is also responsible for filtering irrelevant data, providing customized views, and
improving efficiency in information management. In 1969, Lampson introduced the Access
Matrix, which was the first access control model (Chapple & Ballad, 2014). The model was
simple in structure, representing two components: access authorization and user identification.
The RBAC model came after the access matrix in 1973 under the proposal of LaPadula and Bell.
In the role-based approach, access permission was granted to individuals based on the rules.
Later on, the MAC model was launched, in which access permission was governed with regard to
individual users. The MAC model was too complex and consumed a lot of resources in
managing a large organization. This created the need for a role-based system in the early
1990s.
individuals in an organization and is now one of the primary methods for advanced information
security management. The model is designed to allow employees to access only the specific
information that defines their duties in the organization (Moses, Rowe, & Cunha, 2015).
responsibility, and job competency. Additionally, although users can access
specific information, the level of access can be limited to viewing, modification, or creation of
files. As a result, entry-level and low-level employees do not have access to sensitive
information; this contributes positively to fulfilling their responsibilities. The existing RBAC is
administrative work and IT support. However, the system does not adequately support teamwork
studies, and patients’ care environment, the need of having collaborative teamwork is essential.
According to Montrieux (2013), various access control models that are in existence have been
Talwalkar, & Fahs et al. (2016), of the access control models has been designed to incorporate
biomedical research, patient’s care, and clinical studies, which calls for the need of conducting
more research to enhance the existing Role-Based Access Control model so that it can
Team Collaboration
Collaboration is when two or more individuals work together with the aim of achieving a
common goal. Team collaboration allows individuals working in the same industry to meet on a
common platform and work with each other towards the attainment of a specific objective
through brainstorming, thinking, and providing different ideas in generating the desired solution
(Boadu & Armah, 2014). Besides, working together on a common platform inspires team
members with a strong sense of purpose and equal participation. In an effort to promote teamwork
communication among team members. However, some industries, such as biomedicine, require
multi-disciplinary cooperation to achieve their purpose adequately (Brownson, Colditz, & Proctor,
In developing an access control model that defines access permission in the context of
team cooperation and workflow governance, different principles were used. Firstly, effectiveness:
the model could be used to determine the specific extent of data access in a
collaborative process. Secondly, simplicity: the system will consist of simple
structures for more straightforward implementation. Finally, the model had to be general.
The model should perform the impetus of information access governance; also, it should have
With these common principles, the existing RBAC models were reviewed to determine
whether the new improved model could be developed based on the previous studies. After
reviewing some models, it was found that the RBAC model is widely used in many organizations.
Besides, it was also found that the structural layout of the RBAC is simple and its internal
structure can be modified to include other features. As a result, the RBAC would be used as the
collaboration and managing the workflow, the creation of a new improved constraint with
universal constraints is necessary (Le & Doll et al., 2013). These constraints would be: a
constraint for differentiating duties, as in the current role-based model; an access delegation
constraint, under which a role delegates access authorization based on a given set of rules; a
collaboration constraint to enhance teamwork collaboration; and finally an organizational
constraint to separate duties within organizations. In alliance with the universal constraint, the model poses an improved
permission option within the specific workflow status, which will then be joined with the action
and assets on the RBAC core. It will have the responsibility of defining access authorization for
Analysis
RBAC Model
Access control has been introduced in many organizations with the purpose of improving
how information and the workflow are managed. From a healthcare perspective,
clinical records are highly sensitive; thus, most studies on RBAC have focused on ways to
protect the confidentiality of patients’ records. However, as collaboration between clinical
education and the workflow is increasingly needed to improve patients’ care, having an
RBAC system that incorporates clinical academicians into the workflow is a necessity.
The literature on the functionality and structure of the existing RBAC model has provided
important background on identifying which part of the model needs improvement. Most of the
current RBAC models are designed to manage workflow and access to information within one
the workflow should collaborate with clinical educationists to increase efficiency is not
Collaboration
Besides, the literature regarding teamwork collaboration indicates the need for
mentioned earlier, teamwork collaboration is vital in supporting the development of ideas that
lead to the attainment of a common goal. Besides, the previous efforts on improving
background for stimulating this study. The introduction of CSCW systems in the healthcare
industry calls for defining ways in which the workflow would be managed.
Therefore, the improved RBAC model aims at introducing methods in which teamwork
Constraints
Thus, it is designed more to minimize information access. This research work focuses on the
expansion of the existing security control system not only to restrict data access but also to
promote collaboration amongst individuals. In achieving the objective of the proposed system,
identification of various constraints was a vital area of focus. Besides, developing an
improved constraint in association with the universal constraint will best work when it comes to
The most valuable information obtained from the findings is that the existing studies that
have aimed at promoting workflow collaboration amongst individuals have not focused on
critical note on the need for improving the existing system to include multi-organizational
teamwork collaboration. Nevertheless, finding out that the current RBAC model can be
expanded to incorporate other constraints positively contributes to the creation of the new
The proposed improved RBAC model aims at promoting teamwork collaboration
across different organizational disciplines. The new system will include an access
permission option, which will work hand in hand to ensure teamwork collaboration and
management of information access. Looking at this proposed structure, further studies should
focus on developing additional types of constraints for the enrichment of the workflow context
environment on commercial integrity security systems. The proposed RBAC model will best
(2012), in the design of an Object-Oriented protecting model, the primary function is to exploit
the Object-Oriented paradigm in organizing users’ responsibilities, establish their privileges, and
provide strategies for understanding the significance of using the improved RBAC system.
When the proposed RBAC model is incorporated into the Object-Oriented application design,
users are subdivided into groups that best describe their roles within the multi-organizational
context. To determine which group should have access to what particular information,
different procedures are allocated to each specific team. Procedural allocation determines which
exact segment of an object’s interface is made observable to other parties using the RBAC
model. In doing so, the object-oriented principle of information hiding is expanded and
utilized in that no single person can execute data unless under direct authorization. Besides, for
a given object, the interface is filtered to provide different access to different teams.
Since the proposed RBAC model will support multi-organizational teamwork, there will
be a need for a two-step security authorization (Harris, 2014). Therefore, users’ access to
information will be authorized in two steps. First, an authorization that defines users in their
particular environment and the relationship between them should be established. Secondly,
access privileges are then allocated to users’ duties through the task established under the
procedural assignment. Using the relationship between the stipulated roles, the specific method
assignment framework is determined, so that the least number of roles is needed to attain the most
appropriate functionality.
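The two-step authorization and per-team procedure assignment described above, together with the duty-separation constraint and the workflow-status permission option mentioned earlier in the paper, can be sketched as follows. This is an added example, not code from the paper: the class and method names, the organizations `clinic` and `university`, the role names, users and workflow statuses are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:
    name: str
    org: str                      # organization the role belongs to

@dataclass
class Policy:
    user_roles: dict = field(default_factory=dict)      # user -> set of Role
    collaborations: set = field(default_factory=set)    # frozenset({org, org})
    sod_pairs: set = field(default_factory=set)         # frozenset({role, role})
    # (role name, object type) -> {method: workflow statuses where it is allowed}
    grants: dict = field(default_factory=dict)

    def assign(self, user, role):
        """Give a role to a user, enforcing separation of duties."""
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset({other.name, role.name}) in self.sod_pairs:
                raise ValueError(f"{user}: {role.name} conflicts with {other.name}")
        held.add(role)

    def _eligible_roles(self, user, owner_org):
        """Step 1: roles in the owning org or in an org collaborating with it."""
        return [r for r in self.user_roles.get(user, ())
                if r.org == owner_org
                or frozenset({r.org, owner_org}) in self.collaborations]

    def visible_interface(self, user, owner_org, obj_type, status):
        """Step 2: methods of the object exposed to this user in this status."""
        methods = set()
        for role in self._eligible_roles(user, owner_org):
            granted = self.grants.get((role.name, obj_type), {})
            for method, statuses in granted.items():
                if status in statuses:
                    methods.add(method)
        return methods

    def authorize(self, user, owner_org, obj_type, method, status):
        # Deny by default: anything not explicitly granted is refused.
        return method in self.visible_interface(user, owner_org, obj_type, status)

def build_sample_policy():
    """Constructed sample: a clinic sharing records with a teaching university."""
    p = Policy()
    p.collaborations.add(frozenset({"clinic", "university"}))
    p.sod_pairs.add(frozenset({"physician", "records_auditor"}))
    p.grants[("physician", "patient_record")] = {
        "view": {"in_treatment", "teaching_review"},
        "modify": {"in_treatment"},
        "create": {"in_treatment"},
    }
    p.grants[("clinical_educator", "patient_record")] = {"view": {"teaching_review"}}
    p.assign("dr_ama", Role("physician", "clinic"))
    p.assign("prof_lee", Role("clinical_educator", "university"))
    return p

if __name__ == "__main__":
    policy = build_sample_policy()
    for user in ("dr_ama", "prof_lee"):
        for status in ("in_treatment", "teaching_review"):
            print(user, status, sorted(
                policy.visible_interface(user, "clinic", "patient_record", status)))
```

Removing the collaboration entry between the two organizations makes step 1 fail for the educator, so no method of the record is exposed regardless of the grants in step 2.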
The new improved RBAC model focuses on enhancing teamwork collaboration, which
is an important factor in productivity growth. Collaborating with individuals who have similar
experience or different skills can directly benefit the involved parties. Besides, working as a team
improves everyone's experience as each member gets to learn new things from others. For instance,
in healthcare, where there is a need for clinical
education personnel to be involved in the procedures for taking care of patients, the
introduction of the proposed RBAC system will be of great benefit since it enhances teamwork
collaboration.
Apart from enhancing collaboration among team members, the new improved model also
The new system will govern access to information and duties allocation within various sectors of
an organization. The organizational constraint added to the existing RBAC model will be
responsible for ensuring role management (Malik, Anjum & Raza, 2016). As a result, an
enterprise will be more efficient in its operations due to the sharing of duties as a team.
Moreover, multi-organizations that will implement the new proposed RBAC system will
benefit in such a way that they can retrieve valuable information among themselves.
a multi-organizational setting. Since the accountability technique is not available in most of the
multi-organizational settings, the newly proposed RBAC model that enhances teamwork will
importantly fill an existing gap. Besides, despite having voluntary collaboration, the degree of its
accountability might not be more effective in some situations. Therefore, the introduction of the
new improved RBAC model will ensure that every organization in a multi-organizational context
Besides, the proposed Role-Based Access Control can be restructured and applied at the
application level, thus facilitating the integration of security constraints. The benefit of having an
application-level security constraint is that it minimizes the complexity of making sure that the
stability of such a specification is in order. The improved RBAC model supports the customizing
The implementation of the proposed RBAC system will require additional training of
users since more features will have been added to the system. Training staff incurs
additional costs that an organization could otherwise use to improve other sectors of its economy.
Furthermore, the costs are much higher when an outsourced professional is required to offer the
training to the access control model users. Besides, for organizations that initially did not have the
RBAC model implemented in their operations, the initiation of the improved model will be costly
since they will have to use much of their resources in purchasing various devices that work
hand-in-hand with the access control systems (Samarati, 2015). Nevertheless, organizations with the
existing RBAC system installed in their workflow environment might also use some of their
resources to acquire the proposed model and implement it. Therefore, the implementation of the
Despite the ability of the improved RBAC model in restricting unauthorized access to
system to a wide range of users. Arguably, as the number of users increases in a computerized
environment, the chances of the system being hacked increase. Once the system has been hacked,
the hacker might have access to people’s information and other sensitive organizational
information. Besides, the hacker can also take control of various procedures without being
noticed. Simply put, as much as the proposed RBAC model limits access, the system can still be
tampered with.
In spite of the new improved RBAC model being advantageous in promoting teamwork
information to risk. For instance, if the proposed model is introduced in a
healthcare environment where teamwork exists between clinical education students and the
workforce, there is a likelihood that some of the students accessing organizational information
might expose it to third parties since they are not adequately trained.
Conclusion
to information an important factor. Since the late 1960s, the access control model has
advanced from the invention of the Access Matrix up to the introduction of the RBAC. The
role-based model allows organizations, especially the security team, to manage how individuals access
data. Besides, the model is best at ensuring that users attend to their specific duties. Due to its
ability to enhance information security and role allocation, the RBAC model has been
employed in many sectors of the economy in the world today. The proposed RBAC model
Most of the existing RBAC models have tried to encourage teamwork within the internal
operation of an organization, which leaves a gap for advancing the model to support
multi-organizational teamwork collaboration. In the development of the new improved RBAC model,
the effort relied on three principles (simplicity, straightforwardness, and generality) to ensure that
the primary objective was attained. Additionally, the existing RBAC provided the base
framework for the creation of the proposed model due to its capability to allow extended
features.
Nevertheless, three constraints were attached to the universal constraint to enable smooth
operation of the model in the new multi-organizational environment. The three constraints
Besides, a permission option that shows a work status will be introduced to the improved model.
Notably, the enhanced RBAC model will operate under an Object-Oriented application. An
Object-Oriented environment best defines individuals’ roles and establishes frameworks for
Organizations that implement the proposed model, if it is approved, will gain
more benefits in their operations. First, the primary focus of the model is to enhance teamwork
increased productivity to the organization. Secondly, the improved RBAC model improves
model is expandable; thus, organizations that adopt it in their operations will have the
advantage of expanding it to include more features. However, the improved model is at risk of
being hacked and of information misuse by clinical education trainees. Further studies should
focus on improving the security constraints and adding more constraints that support workflow
Recommendation
Biomedical, clinical education, and patient health care multi-organizations are the most
relevant institutions to incorporate the improved role-based model. The model was developed
with the contextual reference framework of the multi-organizations mentioned above; thus, little
effort will be needed while implementing the model. Besides, the model is also recommended
However, a few modifications of the system might be needed for full implementation. The
expandability of the improved RBAC model allows relevant organizations to alter it to
meet their company’s expectations. In addition, I would like to recommend that more research
be done to reduce the limitations of the improved system. In conducting further
investigations, much focus should be on enhancing the security constraints and an addition of
References
Boadu, E. O., & Armah, G. K. (2014). Role-based access control (RBAC) based in hospital
Brownson, R. C., Colditz, G. A., & Proctor, E. K. (2018). Dissemination and implementation
University Press
Chapple, M., Ballad, B., Ballad, T., & Banks, E. K. (2014). Access control, authentication, and
public key infrastructure. (2nd ed.). Sudbury, MA: Jones & Bartlett Learning.
Harris, S. (2014). CISSP online training: Inside the access control domain. TechTarget.
Inside-the-access-control-domain
Le, X. H., Doll, T., Barbosu, M., Luque, A., & Wang, D. (2014). Evaluation of an Enhanced
50, 184-195.
Malik, A. K., Anjum, A., & Raza, B. (2016). Innovative solutions for access control
Moses, S., Rowe, D. C., & Cunha, S. A. (2015). Addressing the Inadequacies of Role Based
Access Control (RBAC) Models for Highly Privileged Administrators: Introducing the
Samarati, P. (2015). Data and Applications Security and Privacy XXIX: 29th Annual IFIP WG
11.3 Working Conference, DBSec 2015, Fairfax, VA, USA, July 13-15, 2015,
Sandhu, R. (2015, April). Attribute-Based Access Control Models and Beyond. In ASIACCS (p.
Talwalkar, J. S., Fahs, D. B., Kayingo, G., Wong, R., Jeon, S., & Honan, L. (2016). Readiness
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4865374/