NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
RBAC book cover RBAC book "A must read."
Review from IEEE Computer Society, Security & Privacy

"Overall, this is a great book."
Linux Journal
Image of Gold Medal 2002 Gold Medal for Scientific/ Engineering Achievement - US Department
Multi Colored arrow pointing up 1998 Excellence in Technology Transfer Award - Federal Laboratory Consortium
Globe 1998 Best Paper - Nat Inf Systems Security Conf

Helpful RBAC Resources

Early Papers

D.F. Ferraiolo and D.R. Kuhn (1992) "Role Based Access Control" 15th National Computer Security Conference - original RBAC paper; introduces a formal model for role based access    PDF

D.F. Ferraiolo, J. Cugini, D.R. Kuhn (1995) "Role Based Access Control: Features and Motivations", Computer Security Applications Conference - extends the 1992 model PDF

R. S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman (1996), "Role-Based Access Control Models", IEEE Computer 29(2): 38-47, IEEE Press, 1996.- introduces a framework for RBAC models PDF

RBAC Theory and Practice Timeline - early theoretical results for RBAC models that evolved into RBAC standard


Back to Top

New Draft Implementation Standard Proposed

Download PDF file


Back to Top

How to Join CS1.1 Group

Download PDF file


Back to Top

Request Use Cases

View HTML file


Back to Top

Downloadable RBAC Software

This section provides links to several downloadable RBAC software items. The items listed here are currently out of date and are no longer supported. These items can be used as examples of source code, but will not run on operating systems such as MS XP or Vista.

Installation Instructions

RBAC for UNIX/POSIX/Linux and RBAC for Windows NT (UNIX tar file)

RBAC for UNIX/POSIX/Linux and RBAC for Windows NT (compressed UNIX tar file)

RBAC Conference Much of the research on RBAC appears first in proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), previously ACM Workshop on Role-Based Access Control (RBAC), 1995-2000