An Introduction to Role-Based Access Control

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

ITL Bulletin

Withdrawn on January 01, 2010.

An Introduction to Role-Based Access Control

Documentation Topics

Date Published: December 1995

Abstract

This bulletin provides background information on Role-Based Access Control (RBAC), a technical means for controlling access to computer resources. While still largely in the demonstration and prototype stages of development, RBAC appears to be a promising method for controlling what information computer users can utilize, the programs that they can run, and the modifications that they can make. Only a few off-the-shelf systems that implement RBAC are commercially available; however, organizations may want to start investigating RBAC for future application in their multi-user systems. RBAC is appropriate for consideration in systems that process unclassified but sensitive information, as well as those that process classified information.

Keywords

access control; RBAC; role-based access control

Control Families

None selected

Documentation

Publication:
December 1995 CSL Bulletin (txt)

Supplemental Material:
None available

Related NIST Publications:
Conference Paper
Conference Paper

Document History:
12/01/95: ITL Bulletin (Final)

Topics

Security and Privacy

access control