PARAMETERIZED RBAC AND ARBAC POLICIES FOR A UNIVERSITY

Mikhail I. Gofman, C.R. Ramakrishnan, Scott D. Stoller, and Ping Yang

version: 14 January 2009

***********************************************************************
1. STUDENTS
***********************************************************************

STUDENT ROLE SCHEMAS (18)
=========================

Student                                 A student
Student(dept, cid)                      A student registered for a course
Student(dept)                           A student assigned to a department
Undergrad                               An undergraduate student
Undergrad(dept, cid)                    An undergraduate student registered for a course
Undergrad(dept)                         An undergraduate student assigned to a department
Grad                                    A graduate student
Grad(dept, cid)                         A graduate student registered for a course
Grad(dept)                              A graduate student assigned to a department
HonorsStudent(dept, cid)                An honors student registered for a course
HonorsStudent(dept)                     An honors student assigned to a department
Grader(dept, cid)                       A grader of a course
TA(dept, cid)                           A TA of a course
RA(fac)                                 An RA of a faculty member
UndergradPermittedGradClass             An undergraduate student permitted to take a graduate class
UndergradPermittedGradClass(dept, cid)  An undergraduate student taking a graduate class
GradStudOfficer                         A graduate student officer
GradCommittee(dept)                     member of graduate committee of a department

ROLE HIERARCHY FOR STUDENT ROLES
================================

Student < Undergrad < Undergrad(dept) < Undergrad(dept,cid) < UndergradPermittedGradClass < Grad < Grad(dept) < Grad(dept,cid) < HonorsStudent
Student(dept, cid) < Undergrad(dept, cid) < Grad(dept, cid)
Student(dept) < Undergrad(dept) < Grad(dept)

OBJECT SCHEMAS
==============

GradeBook(stu), ComputerAccount(stu), StudentParkingPermit(stu),
Tuition(stu), StudentHealthInsur(stu), RoomSchedule, GradeBook(dept, cid)

CAN_ASSIGN RULES WITH STUDENT ROLES AS TARGET
=============================================

#Undergraduate student assignments
can_assign(AdmissionOffice, true, Undergrad)
can_assign(AdmissionsCommittee(dept = DEPT), UnderGrad, UnderGrad(dept = DEPT))
can_assign(RegistrarOffice, Undergrad(dept=DEPT), Undergrad(dept = DEPT, cid = CID))

#Graduate student assignments
can_assign(GradAdmissionsCommittee(dept = DEPT), true, Grad(dept = DEPT))
can_assign(RegistrarOffice, Grad(dept=DEPT), Grad(dept = DEPT, cid = CID))

#Honors student assignments
can_assign(HonorsPgmDirector(dept = DEPT), Undergrad(dept = DEPT), HonorsStudent(dept = DEPT))
can_assign(RegistrarOffice, HonorsStudent(dept=DEPT), HonorsStudent(dept = DEPT, cid = CID))

#Faculty may allow an undergraduate student to take a graduate class
can_assign(Faculty(dept = DEPT), Undergrad(dept = DEPT), UndergradPermittedGradClass(dept=DEPT))
can_assign(RegistrarOffice, UndergradPermittedGradClass(dept=DEPT), UndergradPermittedGradClass(dept = DEPT, cid = CID))

#Graduate students can be appointed as TA's and RA's and Undergrads can be
#appointed as graders
can_assign(DeptChair(dept = DEPT), Undergrad(dept = DEPT), Grader(dept = DEPT, cid = CID))
can_assign(Faculty(dept=Dept), Grad(dept=DEPT), RA(fac=Self))
can_assign(DeptChair(dept = DEPT), Grad(dept = DEPT), TA(dept = DEPT, cid = CID))

#Graduate students can participate in the graduate admissions processes
can_assign(DeptChair(dept = DEPT), Grad(dept = DEPT), GradStudOfficer(dept = DEPT))
can_assign(DeptChair(dept = DEPT), GradStudOfficer(dept = DEPT), GradCommittee(dept = DEPT))

CAN_REVOKE RULES WITH STUDENT ROLES AS TARGET
=============================================

can_revoke(RegistrarOffice, Undergrad(dept = DEPT, cid = CID))
can_revoke(RegistrarOffice, Grad(dept = DEPT, cid = CID))
can_revoke(RegistrarOffice, HonorsStudent(dept = DEPT, cid = CID))
can_revoke(RegistrarOffice, UndergradPermittedGradClass, UndergradPermittedGradClass(dept = DEPT, cid = CID))
can_revoke(HonorsPgmDirector(dept = DEPT), HonorsStudent(dept = DEPT))
can_revoke(Faculty(dept=DEPT), RA(Self))
can_revoke(DeptChair(dept = DEPT), Grader(dept = DEPT, cid = CID))
can_revoke(DeptChair(dept = DEPT), TA(dept = DEPT, cid = CID))
can_revoke(DeptChair(dept = DEPT), GradStudOfficer(dept = DEPT))
can_revoke(DeptChair(dept = DEPT), GradCommittee(dept = DEPT))

SMER CONSTRAINTS FOR STUDENT ROLES
==================================

SMER(Undergrad, Grad)
SMER(TA, RA)
SMER(Grad(dept=D, cid=C), TA(dept=D, cid=C))
SMER(Undergrad(dept=D, cid=C), Grader(dept=D, cid=C))

ROLE-PERMISSION ASSIGNMENT FOR STUDENT ROLES
============================================

note: we wrote parts of the RBAC policy to help illustrate the functions
of each role, but since our main interest is the ARBAC policy, we did not
write a complete RBAC policy.

# Student related permissions
PA(Student, [viewGrade, GradeBook(stu=Self)])
PA(Student, [create, ComputerAccount(stu=Self)])
PA(Student, [obtain, StudentParkingPermit(stu=Self)])
PA(Student, [pay, Tuition(stu=Self)])
PA(Student, [enroll, StudentHealthInsur(stu=Self)])

# Grader related permissions
PA(Grader(dept = DEPT, cid = CID), [assignGrade, GradeBook(dept = DEPT, cid = CID)])
PA(Grader(dept = DEPT, cid = CID), [viewGrade, GradeBook(dept = DEPT, cid = CID)])

# TA related permissions
PA(TA(dept = DEPT, cid = CID), [assignGrade, GradeBook(dept = DEPT, cid = CID)])
PA(TA(dept = DEPT, cid = CID), [viewGrade, GradeBook(dept = DEPT, cid = CID)])

PA(GradStudOfficer(dept = DEPT), [reserveRoom, RoomSchedule])

***********************************************************************
2. EMPLOYEES
***********************************************************************

EMPLOYEE ROLE SCHEMAS (34)
====================================

Employee                        A basic employee
Employee(dept)                  An employee of the department
FullTimeEmployee                A basic fulltime employee
FullTimeEmployee(dept)          A fulltime employee of the department
Faculty                         A faculty
Faculty(dept)
Staff                           A staff
Staff(dept)
AdmissionsOfficer
DeanOfAdmissions
AsstForStudentAffairs           Assistant for the student affairs
RegistrasOffice
Provost                         Provost of the university
President                       The president of the university
Dean                            A dean of the school
DeptChair
DeptChair(dept)                 A department chair of a department
Instructor(dept, cid, term)     Instructor of a course for a particular semester
TenuredFac
Lecturer
Lecturer(dept)
AssistantProf
AssistantProf(dept)
AssociateProf
AssociateProf(dept)
Professor
Professor(dept)                 Professor of the department
GradAdmissionsCommittee(dept)   Graduate admissions committee of a department
FacilitiesCommittee(dept)       The facilities committee member
FacilitiesDirector(dept)        Facilities director
QualExamCommittee(dept)         Qualification exam committee in a particular department
QualExamCommitteeHead(dept)     Head of the qualification exam committee
HonorsPgmDirector(dept)         The honors program director in a department

OBJECT SCHEMAS
==============

EmployeeParkingPermit(emp), EmployeeHealthInsur(emp), GradeBook(dept, cid),
DeptBudget(dept), Roster(dept, cid), CollegeAcct, UniversityAcct

ROLE HIERARCHY FOR EMPLOYEE ROLES
=================================

Employee < Staff < FullTimeEmployee < Faculty < Employee(dept)
Staff < AdmissionsOfficer < DeanOfAdmissions < Provost < President < RegistrasOffice < Provost < Staff(dept) < DeptChair(dept)
Faculty < Faculty(dept)
Lecturer < Lecturer(dept)
AssistantProf < AssistantProf(dept)
TenuredFac < TenuredFac(dept)
AssociateProf < AssociateProf(dept)
Professor < Professor(dept)
Faculty < Lecturer < AssistantProf < TenuredFac < AssociateProf < Professor < DeptChair < Dean < Dean(school) < Provost
Employee(dept) < Staff(dept)
Employee(dept) < Faculty(dept)
Employee(dept) < FulltimeEmployee(dept)
Faculty(dept) < Lecturer(dept) < AssistantProf(dept) < TenuredFac(dept) < AssociateProf(dept) < Professor(dept) < DeptChair(dept)
QualExamCommittee(dept) < QualExamCommitteeHead(dept)
FacilitiesCommittee(dept) < FacilitiesDirector(dept)

CAN_ASSIGN RULES WITH EMPLOYEE ROLES AS TARGET
==============================================

# Basic employee assignments
can_assign(President, true, Staff(dept = DEPT))
can_assign(President, true, RegistrasOffice(dept = DEPT))
can_assign(President, true, DeanOfAdmissions)
can_assign(President, true, AssistantProf(dept = DEPT))
can_assign(President, true, AssociateProf(dept = DEPT))
can_assign(President, true, Professor(dept = DEPT))
can_assign(President, Professor ^ not DeptChair, Provost)

# Teaching-related rules
can_assign(President, true, Lecturer)
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), QualExamCommittee(dept = DEPT))
can_assign(DeptChair(dept = DEPT), GradCommittee(dept = DEPT), QualExamCommitteeHead(dept = DEPT))
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), Instructor(dept = DEPT, cid = CID, term = TERM))

# General management positions assignment
can_assign(Provost, Professor and not DeptChair, Dean)
can_assign(Dean, Professor(dept = DEPT) and not Dean ^ not Provost, DeptChair(dept = DEPT))
can_assign(Dean, Staff, AsstForStudentAffairs)
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), HonorsPgmDirector(dept = DEPT))

# Admissions related
can_assign(President, true, DeanOfAdmissions)
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), GradAdmissionsCommittee(dept = DEPT))
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), GradCommittee(dept = DEPT))
can_assign(DeanOfAdmissions, Staff, AdmissionsOfficer)

# Facilities committee related
can_assign(DeptChair(dept = DEPT), Employee(dept = DEPT), FacilitiesCommittee(dept = DEPT))
can_assign(DeptChair(dept = DEPT), Faculty(dept = DEPT), FacilitiesDirector(dept = DEPT))

CAN_REVOKE RULES FOR EMPLOYEE ROLES
===================================

All roles that can be assigned by an administrator A can be revoked by A.

SMER CONSTRAINTS FOR EMPLOYEE ROLES
===================================

# No user can participate in undergraduate and graduate admissions processes
SMER(AdmissionsOfficer, GradAdmissionsCommittee(dept))

ROLE-PERMISSION ASSIGNMENT
==========================

# General employee permissions
PA(Employee, [obtain, EmployeeParkingPermit(emp=Self)])
PA(FullTimeEmployee, [enroll, EmployeeHealthInsur(emp=Self)])

# Instructor can maintain gradebook for courses he/she is teaching
PA(Instructor(dept = DEPT, cid = CID), [assignGrade, GradeBook(dept = DEPT, cid = CID)])
PA(Instructor(dept = DEPT, cid = CID), [submitGradeChange, GradeBook(dept = DEPT, cid = CID)])
PA(Instructor(dept = DEPT, cid = CID), [submitGrades, GradeBook(dept = DEPT, cid = CID)])
PA(Instructor(dept = DEPT, cid = CID), [reviseGrades, GradeBook(dept = DEPT, cid = CID)])
PA(Instructor(dept = DEPT, cid = CID), [viewGrades, GradeBook(dept = DEPT, cid = CID)])

# Department chair can modify the department's budget
PA(DeptChair(dept = DEPT), [modify, DeptBudget(dept = DEPT)])

# Permissions of the Dean
PA(Dean, [approveLateWithdrawal, Roster(dept = DEPT, cid = CID)])
PA(Dean, [approveGradeChange, GradeBook(dept = DEPT, cid = CID)])
PA(Dean, [authorizeExpenditure, CollegeAcct])

# President can authorize expenditures on the university account
PA(President, [authorizeExpenditure, UniversityAcct])

# Assistant for student affairs can approve course withdrawals, grade changes
PA(AsstForStudentAffairs, [allowLateWithdrawal, Roaster(dept = DEPT, cid = CID)])
PA(AsstForStudentAffairs, [approveGradeChange, GradeBook(dept = DEPT, cid = CID)])

# Facilities director for a department can modify the department's budget
PA(FacilitiesDirector(dept = DEPT), [authorizeEquipmentPurchase, DeptBudget(dept = DEPT)])

***********************************************************************
3. SAMPLE ANALYSIS QUESTIONS
***********************************************************************

1. Can an administrator initially in role {President} assign a user
   initially in {Faculty(dept=cs)} to {gradAdmissionsCommittee(dept=ee)}?
   Yes

2. Can administrators initially in role {RegistrarOffice,
   gradAdmissionsCommittee((dept, cs))} assign a user initially in {grad}
   to {grad(dept=cs, cid=501)}?
   Yes

3. Can an administrator initially in {deptChair(dept=cs)} assign a user
   initially in {faculty(dept=DEPT)} to {qualExamCommitteeHead(dept=cs)}?
   Yes

4. Can the administrators in roles {honorsPgmDirector(dept=cs),
   faculty(dept=cs)} assign a user initially in role {Undergrad(dept=cs)}
   to {undergradPermittedGradClass(dept=cs), honorsStudent(dept=cs)}?
   Yes

5. Can the administrators in roles {deptChair(dept, cs)} assign a user
   initially in role {lecturer(dept=cs)} to {facilitiesDirector(dept=cs)}?
   Yes
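
Added example (not part of the original policy file or the authors' analysis tooling): a simplified reachability check that reproduces the "Yes" answers to questions 3 (instantiated with dept=cs), 4 and 5 over a subset of the can_assign rules, and shows a department mismatch that is not reachable. Assumptions: roles are encoded as (name, dept) pairs, "x < y" is read as y being senior to x so that members of y are implicit members of x, administrator roles stay fixed, and negative preconditions, SMER constraints and can_revoke are ignored; the names RULES, CHAIN, implied and reachable are hypothetical.

```python
# Added example: simplified ARBAC reachability over a subset of the policy.
# Roles are (name, dept) pairs. Every rule below uses the single variable
# DEPT in all three positions, so a rule fires only when the admin role,
# the precondition and the target share a department.

# (admin role, positive precondition, target role), from the can_assign rules
RULES = [
    ("DeptChair", "Faculty", "GradCommittee"),
    ("DeptChair", "GradCommittee", "QualExamCommitteeHead"),
    ("DeptChair", "Faculty", "FacilitiesDirector"),
    ("HonorsPgmDirector", "Undergrad", "HonorsStudent"),
    ("Faculty", "Undergrad", "UndergradPermittedGradClass"),
]

# Faculty(dept) < Lecturer(dept) < ... < DeptChair(dept), junior role first
CHAIN = ["Faculty", "Lecturer", "AssistantProf", "TenuredFac",
         "AssociateProf", "Professor", "DeptChair"]


def implied(roles):
    """Add every junior role implied by membership in a senior role."""
    out = set(roles)
    for name, dept in roles:
        if name in CHAIN:
            out |= {(junior, dept) for junior in CHAIN[:CHAIN.index(name)]}
    return out


def reachable(admin_roles, user_roles, goal):
    """True if can_assign steps alone can put the user in all goal roles."""
    admins = implied(admin_roles)
    have = set(user_roles)
    changed = True
    while changed:  # monotone fixed point: roles are only ever added
        changed = False
        member = implied(have)
        for admin, pre, target in RULES:
            for name, dept in admins:
                if (name == admin and (pre, dept) in member
                        and (target, dept) not in have):
                    have.add((target, dept))
                    changed = True
    return set(goal) <= implied(have)


if __name__ == "__main__":
    chair = {("DeptChair", "cs")}
    print(reachable(chair, {("Faculty", "cs")}, {("QualExamCommitteeHead", "cs")}))
    print(reachable(chair, {("Faculty", "ee")}, {("QualExamCommitteeHead", "cs")}))
```

Because only positive preconditions are modelled, revocation can never enable a new assignment, so the forward fixed point is exact for this subset; the full policy's "not" preconditions and SMER constraints need a search over both assign and revoke steps.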