Role-Based Access Control and the Access Control Matrix

Research output: Contribution to journalArticlepeer-review

20 Citations (Scopus)


The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed.

Original languageEnglish
Pages (from-to)6-20
Number of pages15
JournalACM SIGOPS Operating Systems Review (OSR)
Issue number4
Publication statusPublished - Oct 2001

Fingerprint Dive into the research topics of 'Role-Based Access Control and the Access Control Matrix'. Together they form a unique fingerprint.

Cite this