Role And Task Based Access Control Model Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Analysis of role-based access control model and role-based access control model shortcomings,this article presents a mix of roles and tasks based access control model(R-TBAC).In the R-TBAC, this article describes in detail about the assignment relationship between the user, roles, permissions, permits and other elements and the model dynamic and static constraint rules, to ensure that such a hybrid access control method is effective. At last, take the device management system in ERP in the information access as example,R-TBAC model can be used to ensure the feasibility of access to information in the process.


In the ERP system, large number of chaos dispersed data and information is classified, management, storage, that will help to improve enterprise management level, to increase the competitiveness of enterprises. However, due to network resources and opening up and sharing features, information security issues become very important. The user access control is to ensure that system security is one of the main measures. In recent years, access control technology research focused hot on the model of role-based access control(RBAC) and task-based authentication control(TBAC)[1][2].

However, these two types of model have flaws[3][4].This paper will present a new access control model(Task-Role Based Access Control) ,and apply it to ERP system and has made research and analysis.

Based on T-RBAC access control model

From the user access control aspect, some experts raised a number of new access control model, in order to enhance the safety and convenience of ERP system[5][6].The idea of a model designed in this paper is to use the role to determine the user's static access and to use the activity instance permissions to determine the current user's permissions, the user actually has access permission is static and dynamic combination of competence in order to achieve safe and convenient user access control.

T-RBAC model design

T-RBAC model mainly includes users, roles, Access permission, data objects, operations, tasks, task-flow, static constraints and dynamic constraints, etc.

The model structure chart

Users: Involved in the operation of the system activity instance, including individual and program.

the user drawn from the department, responsibilities and powers.

Access permission: Refers to with the operate ability to the application data.

Role Hierarchy[7]: Refers to partial order that role can be passed, inheritance.

Tasks: Refers to workflow in a logical unit can distinguish between movements, including several sub-tasks. The workflow may associated with multiple users.

Taskflow:According to a certain degree of dependence and constraint, several tasks form the workflow, and several tasks exist state-dependent relationship.

Data Objects: An activity-specific data in this model.

Operation: The actions of the user's object.

RI:In an instance of an event, the user has a dynamic access from the mapping of activity instance and role.

RP:Roles associated with a set of operations permission.

IP:Activity instance identified by the task-flow and tasks.

TP: Tasks associated with a set of operations permission.

Illustrate the T-RBAC model

In this model, a role can have multiple users and a user can also belong to different roles, as in figure1.Role hierarchy defines the inheritance relationship between the roles, and the role of inheritance within this model reflects a relationship between rights and responsibilities. Access permission corresponding to the binary group which are composed by an operation and data objects. In the run-time, a user belongs to a task associated with the role does not mean that a user has permission to complete all the activity instance, only indicates that the user has the ability to complete the task, and the user is granted dynamics permission.

With regard to safety, the T-RBAC model supports two well-known security principles: The principle of separation of duties[9] and the Principle of Least Privilege[10].Users, roles, licensing and activities in this model are taken to certain constraints, in order to reduce the risks of dynamic authorization. No matter what the role of the user to login, the task permissions exist only during the implementation of activity instance, and the task in the non-implementation period has no permission. Thus realizing the dynamic separation of privileges and revocation, and to increase the system dynamic adaptability.

T-RBAC model in ERP System

In the paper, the T-RBAC model is applied to the device resource management of ERP system. Full life-cycle management of the equipment is divided into procurement management and post-maintenance. Procurement management can be divided into purchase requisitions, procurement audits, equipment use and processing of fixed assets, and the latter part of the maintenance including equipment static information management (basic information) and dynamic information management (equipment of regular maintenance and equipment failure repair).More detailed equipment management process shown in Figure 2.

T-RBAC model design

According to role and task-flow and task description of the relationship between the state depicted by the figure2,S means the order of dependence, only after the current task is completed;F mean is dependent on the separation of powers and two tasks must be to the different roles;C mean is to remove the dependency, when the task can not be completed; D mean is agents dependency(task state),when current task can not be completed, then to another task.

The relationship between the two tasks : (1)

The relationship between a task with several tasks: (2)

A task flow composed of multiple tasks: (3)

As depicted by the figure2, in the device management module, system determines user access rights, through the roles and tasks which carried out the implementation process. This model is to achieve static and dynamic access control model based on a combination of role and task.

A user can have several roles : (4)

Each role has its own set of permissions: (5)

Users have real access: (6)

As in Figure 2,we set the role and the corresponding static access rights.

Buyers: Be responsible for equipment procurement plan.

Operators: Static information management, the use of information management.

Maintainers: Be responsible for equipment maintenance as well as related information on the registration.

Leaders: Be responsible for procurement, maintenance and other applications for review.

In the pre-maintenance, when the User1 starts an equipment procurement plan, then create a task instance â… . At this time, instance â…  has only User1 procurement plan permissions. As the mission states S, F constraints, this time only User2 has the instance â…  procurement audit authority,and Dynamic authorization depends on the instance â…  and tasks of the state's dependence constraint. In the latter part of maintenance,user3 applied for equipment maintenance, then create a new task â…¡, At this point only User4 has the overhaul authority for instance â…¡,and Dynamic authorization depends on the instanceâ…¡ and tasks of the state's dependence constraint.

The access control of equipment management process includes the pre-maintenance and the latter part of maintenance,so the T-RBAC model can achieve static and dynamic combination of access control permissions.


Analysis of access control model RBAC and TBAC defects, this article establishes the T-RBAC model and makes some analysis. Argument shows that the T-RBAC model is able to achieve the access control of user's static and dynamic combination.

Writing Services

Essay Writing

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.