Application of role base access control in healthcare organization

Abstract

A detailed study of the role base access control system for a small real-world Healthcare Information System with the aim of achieving minimal access rights for each of the involved principles. In RBAC system permissions are assigned to defined roles rather than individual users. The prime aim of RBAC is to simplify security policy administration while facilitating the definition of flexible, customized policies. This simplifies a complex access control policy which a single security administrator cannot manage in a situation where users are frequently changing. In a network system, a large number of users, roles and program components are handled in RBAC. The development of new modeling concepts and techniques is required to support large-scale, enterprise- wide, distributed systems.-Role languages are required as they can simply modify constraint associated with roles so that permitting dynamic response to enterprise policy changes in a transparent fashion to applications.