ANSI/INCITS 359-2004 Standard for Information Technology - Role Based Access Control

American National Standards Institute(ANSI). InterNational Committee for Information Technology Standards(INCITS). Approved February 3, 2004. 56 p. This standard consists of two main parts – the RBAC Reference Model and the RBAC System and Administrative Functional Specification. The RBAC Reference Model defines sets of basic RBAC elements (i.e., users, roles, permissions, operations and objects) and relations as types and functions that are included in this standard. The RBAC reference model serves two purposes. First, the reference model defines the scope of RBAC features that are included in the standard. This identifies the minimum set of features included in all RBAC systems, aspects of role hierarchies, aspects of static constraint relations, and aspects of dynamic constraint relations. Second, the reference model provides a precise and consistent language, in terms of element sets and functions for use in defining the functional specification.