next up previous
Next: ACL Up: Implemented Models Previous: AUTH

RC

The Role Compatibility model (RC) defines 64 roles and 64 types per target type. For ease of use, filesystem targets (FILE, DIR, FIFO, SYMLINK) share the same RC type set. For each pair of role and type, a compatibility vector of request types is defined. A subject may access an object with a request type, if the subject-object compatibility vector has the bit for this request set.

To allow control of requests with target NONE, those requests are checked against the SCD target 'other'.

Every user gets one default role assigned. Additional to types, roles can also be compatible with other roles, which means, a process running with a role can change to all compatible roles. Role compatibility thus defines a chain, possibly a circle, of roles that can be reached from a certain role.

Roles can not only be assigned to users, but also to program files. This can be done temporarily from execution start to the first setuid, via the initial_role attribute, or permanently with the force_role attribute. The latter also controls some special cases for role assignments. Initial roles are typically used for login programs, forced roles for administration tools or daemons.

For administration, there is a powerful separation of administration duty scheme, which e.g. allows to create closed or overlapping workgroups. For this, the role vectors admin_roles and assign_roles are defined for roles, and the additional access rights admin, assign, access_control and supervisor are defined for all types. The scheme is, like all other model details, described in the online model description at [RSBAC].

With its level of abstraction and design for *nix needs, the RC model gives a fast and flexible access control setup. It is thus recommended for most purposes.


next up previous
Next: ACL Up: Implemented Models Previous: AUTH
2001-12-03