Abstract

The Next Generation Access Control (NGAC), founded on the Policy Machine (PM), is a robust Attribute Based Access Control (ABAC) framework that enables a structured and flexible approach for the establishment of Discretionary Access Control (DAC) policies, accommodates limited expression of non-confinement Mandatory Access Control (MAC) policies, has shown support for all aspects of the Role Based Access Control (RBAC) standard, and possesses algorithms for both peruser and per-object review. However, NGAC lacks the mechanism for other critical administrative review problems like comprehensive approaches to grant authorization (revoke authorization) for a denied access request (an authorized access request). We proposed approaches to grant authorization of (one of the administrative operations) any denied user assignment access request as our initial work in response to the policy review features not in the PM.