Next: Assign Roles
Up: Separation of Administration Duty
Previous: Separation of Administration Duty
Every role definition contains a set of roles, called Admin Roles,
which processes performing this role are allowed to administrate. For many
settings, e.g. the compatibility sets, additional privileges are required,
which are explained below.
- adminroles(r:role):set of roles := set of administrated roles for
role r
- administraterole(p:process, r:role) := process p administrates
settings of role r at time n
|
(23) |
The Admin Roles set of any role can only be changed by roles with Admin
Type value Role Admin.
- changeadminroles(p:process, r:role) := process p changes the set of
admin roles of role r at time n
|
(24) |
Amon Ott