Revocation of Access Rights

• In a dynamic system we may need to revoke access rights to objects.

• Several issues are important:

  • Revocation is immediate or delayed.
  • Revocation is general (affects all users) or selective (affects only certain users).
  • Revocation is total (affects all access rights) or partial (affects subset of the rights).
  • Revocation is temporary or permanent.

• Easy to implement with access lists.

• Harder to implement with capability lists.

Previous slide

Next slide

Back to first slide

View graphic version