U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Role Based Access Control

Role Based Access Control RBAC

Publications

The following NIST-authored publications are directly related to this project.

Series & Number Title Status Released
Journal Article Role Engineering: Methods and Standards Final 12/08/2011
Journal Article Adding Attributes to Role-Based Access Control Final 06/01/2010
Journal Article RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control" Final 12/12/2007
Book Role-Based Access Control (2nd ed.) Final 01/31/2007
Book Role-Based Access Control (1st ed.) Final 01/01/2003
White Paper The Economic Impact of Role-Based Access Control Final 03/01/2002
Conference Proceedings The NIST Model for Role-Based Access Control: Towards a Unified Standard Final 07/26/2000
Conference Proceedings Supporting Relationships in Access Control Using Role Based Access Control Final 10/29/1999
Journal Article A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet Final 02/01/1999
Conference Proceedings Role-Based Access Control for the Web Final 10/29/1998
Conference Proceedings Role Based Access Control on MLS Systems Without Kernel Changes Final 10/23/1998
Conference Proceedings Role-Based Access Control Features in Commercial Database Management Systems Final 10/09/1998
Conference Proceedings Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management Final 10/01/1998
NISTIR 6192 A Revised Model for Role Based Access Control Final 07/09/1998
Conference Proceedings Comparing Simple Role Based Access Control Models and Access Control Lists Final 11/07/1997
Conference Proceedings Role Based Access Control for the World Wide Web Final 10/10/1997
NISTIR 5820 Distributed Communication Methods and Role-Based Access Control for Use in Health Care Applications Final 04/01/1996
Conference Proceedings Role-Based Access Control (RBAC): Features and Motivations Final 12/15/1995
Conference Proceedings Implementing Role-Based Access Control Using Object Technology Final 12/01/1995
ITL Bulletin An Introduction to Role-Based Access Control Withdrawn 12/01/1995
Conference Proceedings Role-Based Access Controls Final 10/13/1992

Contacts

RBAC Inquiries
rbac-info@nist.gov

David Ferraiolo
david.ferraiolo@nist.gov

Rick Kuhn
d.kuhn@nist.gov
(301) 975-3337

Ramaswamy "Mouli" Chandramouli
mouli@nist.gov
301-975-5013

Topics

Security and Privacy: access control

Created November 21, 2016, Updated June 22, 2020