1. Field of the Invention
The present invention relates generally to an improved data processing system and, more specifically, to a computer implemented method, an apparatus, and a computer program product for role-based privilege management.
2. Description of the Related Art
Various systems used today represent authorization policy using role-based access control (RBAC) semantics. A role may span many domains; for example, membership of the application admin role may confer administrative privileges for the operating system, a database, and an application server. However, there is no general way to represent the privileges conveyed by a role membership in a single, uniform form. Role-based privileges may vary from system to system, causing privileges to be relative to an install location of particular files on a system, a particular universal resource locator (URL), Web resources, or operating system type.
The representation of the role-based access control policies has become complex and varied. Having to deal with various implementations of similar, yet different, role scenarios across multiple systems, subsystems, and applications typically leads to administration inefficiencies, confusion, and possible errors.