| Administrative RBAC (ARBAC) policies specify how Role-Based Access Control (RBAC) policies may be changed. It is often difficult to understand the effect of an ARBAC policy by simple inspection, because sequences of changes by different administrators may interact in unexpected ways. ARBAC policy analysis algorithms can help by answering questions, such as user-role reachability. The generalized problem is intractable.;We identify classes of policies of practical interest, develop analysis algorithms for them, and analyze their parameterized complexity, showing that the algorithms may have high complexity with respect to parameter k characterizing the hardness of the input (where k is often small) but have polynomial complexity in terms of the overall input size when the value of k is fixed.;The ARBAC97 model lacks parameterized roles. Parameters significantly enhance the scalability, flexibility, and expressiveness of ARBAC. We define PARBAC97 which extends ARBAC97 with parameters, and present algorithms for its efficient analysis. |
