In a local area network configuration interaction, depicted in Fig. 2.b, an initiator role can interact with
a target role by performing some operation on the target role itself. In this paper, the
pair of an operation and a target role is termed a role-oriented permission; we use the
term object-oriented permission to describe the traditional RBAC permission that
represents an operation over an object.
It is important to note that in a typical scenario there could exist interdependencies
among different types of interactions and object-oriented permissions. For instance, a
particular role-action permission may include several object-oriented permissions
needed to complete the defined action. If such permission interdependency details
can be provided by the underlying environment model, they can be used for access
control policy analysis.
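As an added illustration (not code from the paper), the sketch below models the two permission kinds and runs two policy-analysis checks over an interdependency map of the sort the environment model is assumed to supply. All role, operation and object names, and both check functions, are hypothetical and the policy is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ObjectPermission:   # traditional RBAC: an operation over an object
    operation: str
    obj: str

@dataclass(frozen=True)
class RolePermission:     # role-oriented: an operation over a target role
    operation: str
    target_role: str

# Hypothetical permissions used by the constructed sample policy below.
CONFIGURE = RolePermission("configure", "gateway_service")
WRITE_CFG = ObjectPermission("write", "router_config")
READ_TOPO = ObjectPermission("read", "topology_db")

# Constructed sample: initiator role -> permissions assigned to it.
ASSIGNED = {
    "net_admin": {CONFIGURE, WRITE_CFG, READ_TOPO},
    "helpdesk": {CONFIGURE, READ_TOPO},
    "auditor": {WRITE_CFG},
}
# Interdependencies, assumed to come from the environment model:
# role-oriented permission -> object-oriented permissions it needs.
DEPENDS_ON = {CONFIGURE: {WRITE_CFG, READ_TOPO}}

def missing_dependencies(assigned, depends_on):
    """Role-oriented permissions whose required object permissions are not held."""
    findings = {}
    for role, perms in assigned.items():
        for perm in perms:
            missing = depends_on.get(perm, set()) - perms
            if missing:
                findings.setdefault(role, {})[perm] = missing
    return findings

def unexplained_object_permissions(assigned, depends_on):
    """Object permissions not required by any role-oriented permission the role holds."""
    findings = {}
    for role, perms in assigned.items():
        needed = set()
        for perm in perms:
            needed |= depends_on.get(perm, set())
        extra = {p for p in perms if isinstance(p, ObjectPermission)} - needed
        if extra:
            findings[role] = extra
    return findings

if __name__ == "__main__":
    print(missing_dependencies(ASSIGNED, DEPENDS_ON))
    print(unexplained_object_permissions(ASSIGNED, DEPENDS_ON))
```

The first check flags assignments that cannot complete their action; the second lists object permissions worth a least-privilege review, since they may still be granted directly for other reasons.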