Abstract
This project demonstrated a possible solution to implementing a Role Based Access Control (RBAC) security model in a database using XACML as an abstract specification layer. By using this process, we can define the RBAC system separate from any one-enterprise solution and use a translator to do the work of constructing it. This application consists of three main parts; the Application Engine, the XACML Parser and the SQL Generator. The Application Engine is used to control the different parts of the application and to interface with the user. The XACML parser is used to extract the relevant information from the input files and store that information in memory. The SQL Generator generates the necessary Transact-SQL code upon user command and executes it against the specified database. In this solution, we used Microsoft SQL Server 2012, which currently does not natively support the XACML specification but does support the creation of an RBAC security model. We also used JAVA to create the main application along with the JAVA provided XML Parser to traverse the XACML files. The result of running the application is a database implementation of an RBAC security model defined using the XACMLv3.0 RBAC v1.0 specification.