Conclusion

Practical experience with server systems using the Role Compatibility model for access control shows that base protection and service encapsulation are possible without drawbacks in usability. All protection requirements of these systems could be solved by proper RC configuration, while the well-known RBAC and DTE models each show several deficiencies.

The RC model as presented in this paper proved to be easy to use in simple setups, but also very flexible and powerful in complex environments. Combined with the RSBAC concept of Network Templates, even access to and from remote systems can be effectively controlled.