RBAC has been touted as a policy-neutral access-control model. This implies that it can be used to model various access schemes such as discretionary and mandatory policies. Although the neutrality aspect of RBAC with respect to various security policies is not evident, researchers have shown its viability as a generalized access-control model encompassing both commercial as well as military access policies [SAND98, OSBO00].

Performing access decisions based on user groups pales in comparison to the benefits of RBAC for the main reason that user grouping is onedimensional. RBAC, on the other hand, is viewed as a two-dimensional grouping of users and privileges. A role, by definition, is an encapsulation of a set of users and at the same time a set of privileges. Because members of the same role have common privileges, simulating user groups using roles is a straightforward exercise. Each designated group is mapped to a separate role with user to role assignments that are identical to the membership in the group. Assigning privileges to roles is not needed here because user groups are not directly concerned with privilege grouping. This construction is very simple and unnecessary since it does not exploit the benefits brought forth by RBAC namely, encapsulation of privileges, arbitrary role hierarchies, and role constraints.

Discretionary access policies are founded on the notion of user ownership of resources and hence the unconditional access to the resource by its owner. The owner may further grant other users access to his or her resources...