Abstract: Paper covers general principles of building of access-control subsystems in applications and briefly describes base models which are usually employed thereto: mandatory, discretionary and role-based access controls. Paper considers restrictions of base role-based access control (RBAC) model which is widely adopted in modern applications due to relative simplicity of administration.

Paper in details covers features and components of access control model developed by authors, and shows that this model is free from restrictions of base role-based model. It proves that using new model its possible to implement base discretionary and role-based models. There are also possibilities to combine presented model with mandatory access control.