Access Control Systems: Security, Identity Management and Trust Models

Chapter 8: Role-Based Access Control

Introduction

The access-matrix model manipulates access rights directly: granting or revoking access to a resource explicitly refers to a particular permission. This approach yields a fine-grained level of control in which each access type and its required permissions are related by a mapping that can be one-to-one at the finest level. For example, the read permission clearly means one can view the information contained in a resource but not modify it or add to it. To allow for updates, a new access right such as write or append is needed. Although this approach offers the advantage of fine-tuning an access control policy to accommodate any level of access needed, it can be costly to manage. The inherent cost becomes apparent as the number of managed users and resources increases. Furthermore, the effects of resources being removed from or added to the system, as well as users leaving and joining an organization or simply changing job functions, add to the complexity and overhead of maintaining such a policy. For example, assigning an employee to a new function may require revoking his or her access rights to a large number of resources that are no longer needed for the tasks required by the new position. Similarly, functions of the new job may require access to various new resources. In this scenario, explicit revocation of access rights as well as the granting of new ones needs to span every old and new resource that is or used to be...
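The job-change scenario above can be made concrete with a small access matrix. The following is an added example, not code from the book: the job names, resources, rights and the `AccessMatrix`, `change_job` and `excess_rights` helpers are all constructed for illustration. It lists every explicit revoke and grant a single reassignment requires and audits for rights left behind when a revocation is missed.

```python
# Constructed sample data: the (resource, right) pairs each job function needs.
JOB_NEEDS = {
    "payroll_clerk": {("payroll_db", "read"), ("payroll_db", "write"),
                      ("timesheets", "read"), ("hr_records", "read")},
    "auditor": {("payroll_db", "read"), ("ledger", "read"),
                ("audit_log", "read"), ("audit_log", "append")},
}


class AccessMatrix:
    """Subject x resource cells, each holding a set of rights."""

    def __init__(self):
        self.cells = {}  # (subject, resource) -> set of rights

    def grant(self, subject, resource, right):
        self.cells.setdefault((subject, resource), set()).add(right)

    def revoke(self, subject, resource, right):
        self.cells.get((subject, resource), set()).discard(right)

    def rights_of(self, subject):
        return {(res, right) for (subj, res), rights in self.cells.items()
                if subj == subject for right in rights}


def provision(matrix, subject, job):
    """Grant, one permission at a time, everything the job needs."""
    for resource, right in JOB_NEEDS[job]:
        matrix.grant(subject, resource, right)


def change_job(matrix, subject, old_job, new_job):
    """Apply and return every explicit edit the job change requires."""
    old, new = JOB_NEEDS[old_job], JOB_NEEDS[new_job]
    edits = ([("revoke", res, right) for res, right in sorted(old - new)]
             + [("grant", res, right) for res, right in sorted(new - old)])
    for op, res, right in edits:
        getattr(matrix, op)(subject, res, right)
    return edits


def excess_rights(matrix, subject, job):
    """Audit check: rights still held that the current job does not need."""
    return matrix.rights_of(subject) - JOB_NEEDS[job]


if __name__ == "__main__":
    m = AccessMatrix()
    provision(m, "alice", "payroll_clerk")
    for edit in change_job(m, "alice", "payroll_clerk", "auditor"):
        print(edit)
    print("excess after change:", excess_rights(m, "alice", "auditor"))
```

Even with two small job profiles, one reassignment produces six individual matrix edits, and skipping the revocations leaves the write right on the payroll database in place.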
