• Jinwei ， Yan Zhang，Ruixuan Li

Role-based access control (RBAC) has signi?cantlysimpli?ed the management of users and permissions incomputing systems. In dynamic environments, systemsare subject to changes, so that the associated con?gura-tions need to be updated accordingly in order to re?ectthe systems’ evolution. Access control update is com-plex, especially for large-scale systems; because the up-dated system is expected to meet necessary constraints.This paper presents a tool, RoleUpdater, which an-swers administrators’ high-level update request for role-based access control systems. RoleUpdater is able to au-tomatically check whether a required update is achiev-able and, if so, to construct a reference model. In lightof this model, administrators could ful?ll the changes toRBAC systems. RoleUpdater is able to cope with prac-tical update requests, e.g., that include role hierarchiesand administrative rules in effect. Moreover, RoleUp-dater can also provide minimal update in the sense thatno redundant changes are implemented.