Hierarchical Role-Based Access Control Architecture for CRM/ERM Systems with Complex Data Topologies
DOI: https://doi.org/10.15407/fmmit2025.41.072

Keywords: CRM/ERM systems, role-based access control (RBAC), hierarchical data, object-oriented access, privileges, scalability, Permission Assignment, Privilege Escalation, access control, data protection, distributed systems, immutability, ephemeral infrastructure

Abstract
This paper proposes an advanced access management architecture designed for Customer Relationship Management (CRM) and Enterprise Resource Planning (ERM) systems that manage data within complex hierarchies. Recognizing the limitations of traditional flat RBAC models in providing object-level security, the architecture introduces dedicated entities for Groups (G), Hierarchical Nodes (O), and a specialized Permission Assignment (PA) mechanism. This extension enables dynamic access decisions based on the intersection of a user's role, group membership, and the target object's position in the hierarchy. The model is characterized by high scalability and relies on permission aggregation via union. Key findings highlight the model's effective balance between fine-grained control and administrative efficiency, while acknowledging the inherent complexity of evaluation and the need for strict governance via the Privilege Escalation (PE) permission.
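As an added illustration (not code from the paper), the following Python sketch models the evaluation the abstract describes: a PA entry grants permissions only when role, group and node all match, grants on a node apply to its subtree, matching grants are aggregated by set union, and creating a new PA entry requires the PE permission on the target node. The node names, roles, groups and PA table below are constructed examples.

```python
from dataclasses import dataclass

# Hierarchical Nodes (O): child -> parent; a grant on a node covers its subtree.
# Constructed sample hierarchy.
PARENT = {"org": None, "sales": "org", "sales/eu": "sales", "finance": "org"}

# Permission Assignment (PA): (role, group, node) -> permissions granted there.
# Constructed sample assignments; "PE" is the Privilege Escalation permission.
PA = {
    ("manager", "sales_team", "sales"): {"read", "write"},
    ("analyst", "eu_staff", "sales/eu"): {"read"},
    ("admin", "it", "org"): {"read", "write", "PE"},
}


@dataclass
class User:
    roles: set
    groups: set


def ancestors(node):
    """Yield the node itself, then each ancestor up to the root."""
    while node is not None:
        yield node
        node = PARENT[node]


def effective_permissions(user, obj_node):
    """Union of every PA entry whose role, group and node all apply to this user/object."""
    perms = set()
    for node in ancestors(obj_node):
        for (role, group, pa_node), granted in PA.items():
            if pa_node == node and role in user.roles and group in user.groups:
                perms |= granted  # aggregation via union
    return perms


def can(user, permission, obj_node):
    return permission in effective_permissions(user, obj_node)


def grant(grantor, role, group, node, perms):
    """Governance check: only a holder of PE on the node (or an ancestor) may add a PA entry."""
    if not can(grantor, "PE", node):
        raise PermissionError(f"{grantor} lacks PE on {node}")
    PA.setdefault((role, group, node), set()).update(perms)
    return PA[(role, group, node)]
```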