Access Control Systems: Security, Identity Management and Trust Models

In its basic form, RBAC consists of managing a set of users, a flat set of roles, a set of resources, and a universe of access permissions. The idea is to encapsulate subsets of access rights within named roles. Assigning a user to a particular role implies that he or she is granted access to the resources that are in the confines of that role. A role can represent a competency in a particular area and does not necessarily have to have any users assigned to it. A role without any directly assigned users is referred to in the literature as a virtual role and sometimes is also called a position [MOFF99, SAND96]. For instance, the role of a health care provider can be used as a high-level abstraction for a physician or a nurse. Roles that are assignable to users embody a concrete scope of responsibility. One might have the competency necessary to be a supervisor for several work groups but have the responsibility for only the work group he or she actually manages.
At a lower level, each resource manager exposes a functional interface providing access to its resources. Each such interface is known as an operation. Based on the semantics of the operation performed on the resource, one or more permissions might be required for that operation to take place. Permissions can be entirely disjoint from one another, or they can be related through hierarchical semantics or other relationships. For example, in...
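The following Python model, added here as an illustration and not taken from the book, ties the preceding concepts together: a flat set of named roles bundling permissions, users directly assigned to roles, a virtual role with no assigned users, and resource operations that each require one or more permissions. The role, permission, user and resource names (health_care_provider, physician, nurse, patient_record, alice, bob) are constructed for the example; the decision rule is default deny, so an unknown user, resource or operation is never authorized.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Role:
    """A named bundle of access rights. The role set is flat: no hierarchy."""
    name: str
    permissions: frozenset[str]


@dataclass
class Resource:
    """A resource manager's operations, each mapped to the permissions it requires."""
    name: str
    operations: dict[str, frozenset[str]] = field(default_factory=dict)


class Rbac:
    def __init__(self) -> None:
        self.roles: dict[str, Role] = {}
        self.resources: dict[str, Resource] = {}
        # user -> roles directly assigned to that user
        self.assignments: dict[str, set[str]] = {}

    def add_role(self, name: str, *permissions: str) -> None:
        self.roles[name] = Role(name, frozenset(permissions))

    def add_resource(self, name: str, operations: dict[str, set[str]]) -> None:
        ops = {op: frozenset(perms) for op, perms in operations.items()}
        self.resources[name] = Resource(name, ops)

    def assign(self, user: str, role: str) -> None:
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def virtual_roles(self) -> set[str]:
        """Roles that exist as competencies but have no directly assigned users."""
        assigned = set().union(*self.assignments.values())
        return set(self.roles) - assigned

    def effective_permissions(self, user: str) -> frozenset[str]:
        """Union of the permissions of every role the user is assigned to."""
        perms: set[str] = set()
        for role in self.assignments.get(user, ()):
            perms |= self.roles[role].permissions
        return frozenset(perms)

    def authorize(self, user: str, resource: str, operation: str) -> bool:
        """Allow only if every permission the operation requires is held (default deny)."""
        res = self.resources.get(resource)
        if res is None or operation not in res.operations:
            return False
        return res.operations[operation] <= self.effective_permissions(user)


def build_demo() -> Rbac:
    """Constructed sample policy (hypothetical names, not from the book)."""
    rbac = Rbac()
    # Virtual role: a competency abstraction that no user is assigned to directly.
    rbac.add_role("health_care_provider", "read_record")
    rbac.add_role("physician", "read_record", "read_lab", "write_order")
    rbac.add_role("nurse", "read_record", "read_lab")
    # Each operation of the resource manager lists the permissions it requires.
    rbac.add_resource("patient_record", {
        "view": {"read_record"},
        "view_labs": {"read_record", "read_lab"},
        "prescribe": {"read_record", "write_order"},
    })
    rbac.assign("alice", "physician")
    rbac.assign("bob", "nurse")
    return rbac


if __name__ == "__main__":
    rbac = build_demo()
    print("virtual roles:", sorted(rbac.virtual_roles()))
    for user, op in [("alice", "prescribe"), ("bob", "prescribe"),
                     ("bob", "view_labs"), ("carol", "view"), ("alice", "delete")]:
        print(f"{user:6} {op:10} -> {rbac.authorize(user, 'patient_record', op)}")
```

Because roles are flat here, the virtual role health_care_provider grants nothing to anyone by itself; relating it to physician and nurse would require the hierarchical role relationships the text introduces later, which this model deliberately omits.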