The ARBAC97 model makes an important contribution to the understanding and modeling of administration in role-based access control. However, there are several features of the model which we believe could be improved. The RHA family of models provides a useful alternative to the RRA97 sub-model of ARBAC97 which is used to control updates to the role hierarchy. We present SARBAC -- an extension of the RHA$_4$ model to a complete model for role-based administration. We show that SARBAC has significant practical and theoretical advantages over ARBAC97. In addition, we briefly discuss how SARBAC can be used to reduce inheritance in the role hierarchy and how it can be configured to support discretionary access control features.
|Published - 2002