Role-Based Access Control and the Access Control Matrix

G. Saunders
Basser Department of Computer Science, University of Sydney, Australia
gsaunder@cs.usyd.edu.au

M. Hitchens and V. Varadharajan
School of Computing & Information Technology, University of Western Sydney (Nepean), Australia
{m.hitchens,v.varadharajan}@uws.edu.au

Abstract

The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed.

1 Introduction

Computer systems contain large amounts of information. Much of this information is of a sensitive nature. For such information it is necessary to be able to define what entities have access to the information and in what ways they can access the information. These functions are variously known as access control or authorisation. The basic model of access control is the Access Control Matrix (or ACM) [9, 6]. The access control matrix specifies individual relationships between entities wishing access (subjects) and the system resources they wish to access (objects). For each subject-object pair the allowable access appears in the corresponding entry in the (two-dimensional) matrix. Current access control mechanisms do not implement the access control matrix directly, due to well-known efficiency problems [13]. However, most access control mechanisms in current use are based on models, such as access control lists or capabilities [3, 4], which have a direct relationship with the access control matrix.

Recently there has been an increasing interest in other models of access control. One of the more prominent of these has been Role Based Access Control (or RBAC) [5, 11, 12]. The interest in these alternative approaches to access control has, at least in part, arisen due to the
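The relationship the introduction describes between the matrix and the two mechanisms built on it is easy to make concrete: an access control list is one column of the matrix (stored with the object), a capability list is one row (stored with the subject), and the "efficiency problem" is that a real matrix is almost entirely empty. The following Python is an added illustration written for this edit, not code from the paper; the subjects, objects and rights are constructed sample data, and the class and method names are the author's own choices rather than any standard API.

```python
"""Access Control Matrix (ACM) with its two classic projections.

The matrix is stored sparsely as a mapping (subject, object) -> set of rights.
An access control list (ACL) is one column of the matrix, held with the object;
a capability list is one row, held with the subject. Subjects, objects and
rights below are constructed sample data, not taken from any real system.
"""
from collections import defaultdict

# hypothetical right names used only for this illustration
RIGHTS = {"read", "write", "execute", "own"}


class AccessMatrix:
    def __init__(self):
        self.subjects = set()
        self.objects = set()
        # sparse storage: only populated cells of the matrix are kept
        self._cells = defaultdict(set)

    def grant(self, subject, obj, right):
        if right not in RIGHTS:
            raise ValueError(f"unknown right {right!r}")
        self.subjects.add(subject)
        self.objects.add(obj)
        self._cells[(subject, obj)].add(right)

    def revoke(self, subject, obj, right):
        cell = self._cells.get((subject, obj))
        if cell:
            cell.discard(right)
            if not cell:           # drop the cell once it is empty again
                del self._cells[(subject, obj)]

    def check(self, subject, obj, right):
        """Reference-monitor decision: is `right` in cell (subject, obj)?"""
        return right in self._cells.get((subject, obj), set())

    def acl(self, obj):
        """Column view: {subject: rights} for one object (an access control list)."""
        return {s: set(r) for (s, o), r in self._cells.items() if o == obj}

    def capabilities(self, subject):
        """Row view: {object: rights} for one subject (a capability list)."""
        return {o: set(r) for (s, o), r in self._cells.items() if s == subject}

    def density(self):
        """Fraction of matrix cells that are populated; the efficiency argument
        against storing the full matrix is that this is usually tiny."""
        total = len(self.subjects) * len(self.objects)
        return len(self._cells) / total if total else 0.0

    def projections_agree(self):
        """Sanity check: the set of all ACLs and the set of all capability lists
        are two encodings of the same matrix, so rebuilding it from either must
        give back exactly the stored cells."""
        from_acls = {(s, o): r for o in self.objects for s, r in self.acl(o).items()}
        from_caps = {(s, o): r for s in self.subjects
                     for o, r in self.capabilities(s).items()}
        return from_acls == from_caps == dict(self._cells)


def build_sample():
    """Constructed example: three subjects, four objects, five populated cells."""
    m = AccessMatrix()
    m.grant("alice", "payroll.db", "read")
    m.grant("alice", "payroll.db", "write")
    m.grant("alice", "payroll.db", "own")
    m.grant("bob", "payroll.db", "read")
    m.grant("bob", "report.txt", "read")
    m.grant("bob", "report.txt", "write")
    m.grant("carol", "backup.sh", "execute")
    m.grant("carol", "report.txt", "read")
    m.objects.add("audit.log")   # an object nobody can access yet; keeps the matrix sparse
    return m


def demo():
    m = build_sample()
    acl_before = m.acl("payroll.db")        # who can touch payroll.db?
    caps_before = m.capabilities("bob")     # what can bob touch?
    # revocation is a single matrix update, visible in both projections
    m.revoke("bob", "payroll.db", "read")
    return acl_before, caps_before, m.acl("payroll.db"), m.capabilities("bob"), m.density()


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The point to take from `acl()` and `capabilities()` is that neither is a different model: both are slices of the same matrix, and `projections_agree()` is the check that a system storing one of them has not drifted from the other.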