Prasanna Bammigatti & P R Rao International Journal of Computer Science and Security, Volume-2 Issue-2 1

Delegation in Role Based Access Control Model for Workflow Systems

Prasanna H Bammigatti
prasannahb@gmail.com
Department of Computer Science and Engineering
S D M College of Engineering and Technology, Dharwad, Karnataka, India

P R Rao
pralhadrrao@gmail.com
Department of Computer Science and Technology
Goa University, Goa, India

Abstract

Role-based access control (RBAC) has been introduced in the last few years, and offers a powerful means of specifying access control decisions. The RBAC model usually assumes that, if there is a role hierarchy, then access rights are inherited upwards through the hierarchy. In an organizational workflow, the main threat concerns access control. Role-based access control is one of the most suitable access control models one can think of. It is not only the role hierarchies but also other control factors that affect access control in the workflow. The paper discusses the control factors and role hierarchies in workflow and presents a new model of RBAC. This paper also overcomes the conflicts and proves that the system is safe by applying the new model to the workflow.

Keywords: RBAC, Control factors, Delegation.

1. Introduction

The concept of role is well known. Its standard definition [1] is "a job function within the organization that describes the authority and responsibility conferred on a user assigned to the role". The concept of role in access control is a critical and efficient one [2]. The role was taken as the fundamental key component in the reference model proposed in [1].
The factors that led to role-based access control being used in workflow are [3]:

- Only a single rule can be applied when there are multiple occupants of a single position
- The access rules do not have to be changed when a user's role is changed
- Separation-of-duties policies can be enforced for conflicting roles, which place constraints on concurrent role occupancy

In [1], the RBAC framework is extended to include role hierarchies. The model allows the occupants of superior roles to inherit all the positive access rights of their inferiors, and conversely ensures that the occupants of inferior positions inherit any prohibitions that apply to their superiors. However, the authors have pointed out situations in which inheritance of access rights down the organizational hierarchy may be undesirable, and suggested two possible ways of avoiding this: defining an entirely new ordering of the organizational hierarchy to define the role hierarchy, or defining subsidiary (private) roles outside the organizational hierarchy.

The new ordering is referred to in extended RBAC models such as users' location context [4], time context [5], Task-role based access control (TRBAC) and coalition-based access control (CBAC)
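
The inheritance rules described above for the hierarchy of [1] can be illustrated with a short sketch. It is an added example, not code from the paper or from [1]; the role names, access rights and the helper names (RoleHierarchy, build_demo) are assumptions made for illustration. It shows positive rights flowing upwards, prohibitions flowing downwards, and a private role kept outside the hierarchy.

```python
# Added illustration: role names, rights and helper names are assumptions.
from collections import defaultdict


class RoleHierarchy:
    def __init__(self):
        self.juniors = defaultdict(set)  # role -> immediate inferior roles
        self.seniors = defaultdict(set)  # role -> immediate superior roles
        self.grants = defaultdict(set)   # role -> positive access rights
        self.denials = defaultdict(set)  # role -> prohibitions

    def add_edge(self, senior, junior):
        self.juniors[senior].add(junior)
        self.seniors[junior].add(senior)

    @staticmethod
    def _closure(role, edges):
        """The role itself plus every role reachable along `edges`."""
        seen, stack = {role}, [role]
        while stack:
            for nxt in edges[stack.pop()] - seen:
                seen.add(nxt)
                stack.append(nxt)
        return seen

    def effective_grants(self, role):
        # Positive rights flow upwards: collect them from all inferiors.
        return set().union(*(self.grants[r] for r in self._closure(role, self.juniors)))

    def effective_denials(self, role):
        # Prohibitions flow downwards: collect them from all superiors.
        return set().union(*(self.denials[r] for r in self._closure(role, self.seniors)))

    def permitted(self, role, right):
        return (right in self.effective_grants(role)
                and right not in self.effective_denials(role))


def build_demo():
    h = RoleHierarchy()
    h.add_edge("director", "manager")
    h.add_edge("manager", "clerk")
    h.grants["clerk"] |= {"submit_claim", "edit_audit_log"}
    h.grants["manager"].add("approve_claim")
    h.denials["manager"].add("edit_audit_log")  # prohibition on a superior of clerk
    # Private role kept outside the hierarchy, so no superior inherits from it.
    h.grants["manager_private"].add("read_own_appraisal")
    return h
```

In this constructed hierarchy the prohibition placed on the manager blocks the clerk's own grant of edit_audit_log but does not reach the director, and the director gains nothing from manager_private because that role has no edge into the hierarchy.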