Design Goals

The RC model design had to meet most access control requirements on modern Linux based server systems. In detail, the following design goals were accomplished:

Role based model:

The abstraction of users to roles and objects to types leads to administration on a functional level and avoids the complexity of per-object control.

Single roles:

Each process must have only one current role at a time. Each user ID must have only one default role, which can be assigned to the process when the user ID is acquired.

Program roles:

Different programs run by the same user must be able to have different roles. Program roles must override user default roles.

Changing of roles:

A process must be able to actively change its current role, if allowed by administration.

Single types:

Each object must have only one type.

Granularity:

Every role and type combination must have an individual set of allowed accesses.

Separation of administration duty:

The model must support separation of duty for administration.

Full configurability:

No hard-wired settings should be enforced.

Functional default settings:

When unconfigured, the model must allow the system to work as expected.

No changes to existing applications:

All applications that are not aware of the model must work as expected, unless when they have insufficient privileges.

Adaptive complexity:

Model administration should be only as complex as necessary to meet the actual requirements. Using default settings, the model must behave as a simple role model. All special behaviour must be optional.