International Refereed Journal of Engineering and Science (IRJES)
ISSN (Online) 2319-183X, (Print) 2319-1821
Volume 3, Issue 9 (September 2014), PP.53-67
www.irjes.com

Role-Based Access Control (RBAC) Based in Hospital Management

1 Edwin Okoampa Boadu, 2 Gabriel Kofi Armah

1 State Key Laboratory of Electronic Thin Films and Integrated Devices, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054, P. R. China.
2 School of Computer Science and Technology, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054, P. R. China.

Abstract:- A key issue in information security is protecting information in all its forms against unauthorized access. Innovative access control models are becoming a necessity for application systems due to emerging acts. Role-based access control (RBAC) is a feasible alternative to traditional Discretionary Access Control (DAC) and Mandatory Access Control (MAC). RBAC has been shown to be cost-effective and is being employed in different application domains on account of its characteristics: policy neutrality, separation of duty relations, rich specification, the principle of least privilege and ease of management. Managing hospital workers, assigning duties and keeping confidential health records effectively is a big hurdle these days. Accordingly, the administration of different security levels, resources, users, tasks etc. is indispensable. This study focuses on a hospital management system that uses Role-Based Access Control (RBAC). The design architecture is based on RBAC concepts; according to these concepts, only the administrator has the privilege to manage or administer the data. She/he provides all types of privileges required to maintain users, their authorization and access, and the authorized resources.
The administrator controls the largest share of information, including access to health care workers' files, and has sole access to all potential workers and their assigned duties. This study takes into account security access control and the security policies and methods integrated into RBAC that are appropriate for a hospital management system. RBAC is used to control access to patients' medical records, files and the hospital resources, and eliminates security violations. In the design, the C++/Qt framework is used to implement the security workflow for the different LOGIN processes.

Keywords:- RBAC Concept, Security Policy, Hospital Management, Architecture.

I. INTRODUCTION

Intrusions and persistent security issues in the management of firms, organizations and private workflow environments are becoming so common these days that there is a need for a better security system to manage and cut out these intrusions. Any information management system needs to protect its resources and data against unauthorized disclosure while at the same time ensuring their accessibility for work use. Access control policy is one of the most popular security mechanisms these days, applied in most security management systems. Threats to hospital management and security resources have grown dramatically in proportion to the ever-growing number and kinds of users, not only employees but also partners, patients and customers, who have access to resources. The problem in hospital management is more complex than a simple case of keeping unauthorized external users out; it is about ensuring that authorized, legitimate users have access only to the specific resources to which they are entitled. The constantly changing nature of roles and users doesn't make this any easier.

Role-Based Access Control has been improved by the National Institute of Standards and Technology (NIST) after DAC and MAC.
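The requirement stated above, that legitimate users reach only the resources their role entitles them to and that only the administrator changes assignments, can be sketched in standard C++ as follows. This is an added example, not code from the paper. The role, user and object names (`administrator`, `admin1`, `nurse`, `patient_record`) are hypothetical, and Qt is not needed to run it.

```cpp
// Added example (not from the paper): role, user and object names are hypothetical.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
using Permission = std::pair<std::string, std::string>;  // (operation, object)

class Rbac {
    std::map<std::string, std::set<Permission>> rolePerms_;   // role -> permissions
    std::map<std::string, std::set<std::string>> userRoles_;  // user -> roles
public:
    Rbac() {  // bootstrap: only the administrator role may manage assignments
        rolePerms_["administrator"].insert(Permission{"manage", "assignments"});
        userRoles_["admin1"].insert("administrator");
    }
    // A user reaches an object only through a role; anything unknown is denied.
    bool checkAccess(const std::string& user, const std::string& op,
                     const std::string& object) const {
        auto u = userRoles_.find(user);
        if (u == userRoles_.end()) return false;
        for (const auto& role : u->second) {
            auto r = rolePerms_.find(role);
            if (r != rolePerms_.end() && r->second.count(Permission{op, object}))
                return true;
        }
        return false;
    }
    // Administrative changes go through the same permission check.
    bool grantPermission(const std::string& actor, const std::string& role,
                         const Permission& p) {
        if (!checkAccess(actor, "manage", "assignments")) return false;
        rolePerms_[role].insert(p);
        return true;
    }
    bool assignRole(const std::string& actor, const std::string& user,
                    const std::string& role) {
        if (!checkAccess(actor, "manage", "assignments")) return false;
        if (!rolePerms_.count(role)) return false;  // refuse undefined roles
        userRoles_[user].insert(role);
        return true;
    }
};
int main() {
    Rbac rbac;
    rbac.grantPermission("admin1", "nurse", Permission{"read", "patient_record"});
    rbac.assignRole("admin1", "nurse_a", "nurse");
    std::cout << rbac.checkAccess("nurse_a", "write", "patient_record") << "\n";
}
```

Because `assignRole` and `grantPermission` call `checkAccess` themselves, a non-administrator cannot escalate by assigning a role to their own account.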
RBAC is an authorization model that defines access to the objects, which are the resources. It decouples users and permissions by introducing roles. RBAC now defines:  ⊆   (1)

A permission represents an authorization to perform an operation on an object. An access control declaration is the specification of an authorization by a relation. A user has access to the objects only if he/she has the appropriate permission.  ∈  ℎ  ∈  : ,  ∈  (2)

The essence of Role-based access control (RBAC) [1] is that permissions are assigned to roles. This simplifies security management and helps to determine efficiently which permissions are authorized for which users in a large organization, which in this case study is hospital management. The nature of roles