next up previous
Next: Assign Roles Up: Separation of Administration Duty Previous: Separation of Administration Duty

Admin Roles

Every role definition contains a set of roles, called Admin Roles, which processes performing this role are allowed to administrate. For many settings, e.g. the compatibility sets, additional privileges are required, which are explained below.
\begin{displaymath}
\mathrm{administraterole}_{tn}(\mathrm{p,r}) \Rightarrow\ r ...
...mathrm{adminroles}_{tn}(\mathrm{currentrole}_{tn}(\mathrm{p}))
\end{displaymath} (23)

The Admin Roles set of any role can only be changed by roles with Admin Type value Role Admin.


\begin{displaymath}
\mathrm{changeadminroles}_{tn}(\mathrm{p,r}) \Rightarrow\
\m...
...(\mathrm{currentrole}_{tn}(\mathrm{p})) =
\mathrm{role\_admin}
\end{displaymath} (24)



Amon Ott