Hierarchical Role Model HRM
Definition
Role design in which roles form a hierarchy and child (senior) roles inherit every permission of their parent (junior) roles. A Senior Developer role inherits all Developer permissions and adds its own. The hierarchy reduces the number of roles to maintain, but it also introduces an invisible privilege-inheritance risk: a senior role's effective permission set is the union of everything below it, which is not visible in that role's own definition. The NIST RBAC model, standardized as ANSI INCITS 359, defines hierarchical RBAC as a standard variant.
Application
Implementations: AWS IAM (role chaining via AssumeRole), Microsoft Entra roles (built-in role hierarchy); most IGA platforms support hierarchical modeling. Best practice: explicit visualization of the hierarchy and of effective (inherited) permissions in the UI.

Standards & regulations
- ANSI INCITS 359-2004 «2.2 Hierarchical RBAC. Hierarchical RBAC adds requirements for supporting role hierarchies. A hierarchy is mathematically a partial order defining a seniority relation between roles. If role x is seni»
- OASIS XACML 3.0 RBAC Profile Version 1.0 «This specification defines a profile for the use of the OASIS eXtensible Access Control Markup Language (XACML) to meet the requirements for “core” and “hierarchical” role based access control (RBAC) »
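The inheritance risk described above becomes visible only when the hierarchy is flattened. The following added example (not code from the original page or from any product it names) computes each role's effective permissions over a constructed seniority relation, reports which permissions arrive purely by inheritance, and checks that the relation is a partial order (acyclic), as the INCITS 359 definition requires. Role and permission names are constructed sample data.

```python
# Flatten a hierarchical RBAC model into effective permissions. Added
# illustration, not code from the original page or any product it names.
# A senior role's effective permissions are the union of its own grants and
# everything held by the roles it is senior to. All data below is constructed.

# Sample hierarchy: role -> roles it is senior to (inherits from).
JUNIORS = {
    "Developer": set(),
    "Senior Developer": {"Developer"},
    "Release Manager": {"Senior Developer"},
}

# Sample direct grants: what an admin sees in each role's own definition.
DIRECT = {
    "Developer": {"repo:read", "repo:write"},
    "Senior Developer": {"ci:trigger"},
    "Release Manager": {"prod:deploy"},
}

def effective_permissions(role, juniors, direct):
    """Return {permission: granting_role} for everything `role` holds.
    Raises ValueError if the seniority relation is not a partial order:
    a cycle would give every role in it every other role's grants."""
    result, on_path = {}, set()
    def walk(current):
        if current in on_path:
            raise ValueError(f"role hierarchy has a cycle through {current!r}")
        on_path.add(current)
        for perm in direct.get(current, set()):
            result.setdefault(perm, current)  # first grantor seen is most senior
        for junior in juniors.get(current, set()):
            walk(junior)
        on_path.discard(current)
    walk(role)
    return result

def inherited_only(role, juniors, direct):
    """The invisible part: permissions `role` holds only through inheritance."""
    eff = effective_permissions(role, juniors, direct)
    return {p: src for p, src in eff.items() if src != role}

def is_partial_order(juniors):
    """True if the seniority relation is acyclic, i.e. a valid hierarchy."""
    try:
        for r in juniors:
            effective_permissions(r, juniors, {})
        return True
    except ValueError:
        return False
```

Running `inherited_only("Release Manager", JUNIORS, DIRECT)` shows that three of the four permissions the role holds never appear in its own definition, which is exactly what a hierarchy review should surface.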
Related terms
- Access Control (AC): Mechanism that determines whether a principal is permitted to perform a specific action on a specific resource. Includes …
- Access Management (AM): Discipline of granting and enforcing access to resources after identity has been established. Encompasses authentication …
- Attribute-Based Access Control (ABAC): Authorization model evaluating attributes of subject (role, department, clearance), object (sensitivity, owner), action …
- Authorization (AuthZ): Process of deciding whether an authenticated principal is permitted to perform a requested action on a resource. Distinc …
- Cloud Data Access Governance: Discovery, classification, and access control for sensitive data across cloud data stores (S3, Snowflake, BigQuery, Data …
- Delegated Administration (DA): Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …