A MODEL FOR IMPLEMENTING ROLE-BASED ACCESS CONTROL (RBAC) IN A TIERED DATA WAREHOUSE ARCHITECTURE
DOI: https://doi.org/10.31673/2409-7292.2025.031671
Abstract
The article presents a conceptual approach to building a role-based access control (RBAC) model in a multi-tiered data warehouse (DWH) architecture. Under present-day digitalization, when data warehouses play a key role in the storage, processing and analytical use of corporate information, there is an urgent need for formalized approaches to ensuring information security. Particularly relevant is the problem of delimiting access to sensitive information and preventing leaks of confidential data, substitution of data and unauthorized changes to it. The RBAC model makes it possible to define user permissions centrally, based on their roles within the organizational structure of the warehouse, thereby implementing the principle of least privilege and separation of duties. The developed model is focused on a multi-tiered data warehouse architecture covering six functional levels: data sources, collection and processing, integration, physical storage, analytics, and the user access level. For each level a separate RBAC implementation scheme is proposed that takes into account the nature of access to objects, the types of roles, regulatory requirements (ISO/IEC 27001, GDPR, NIST SP 800-162) and typical application scenarios. Key roles inherent in DWH environments are identified, such as Data Steward, ETL Developer, BI Analyst and Access Administrator, with a clear description of their functional powers, areas of responsibility and areas of application. The methodological basis of the study is functional modeling in IDEF0 notation, which made it possible to formalize access management processes as a structured graphical model. The model demonstrates how the relationships between data objects, the technical means of access control and the entities responsible for security in the DWH environment are realized. The proposed solution has both theoretical and applied significance: it can serve as a methodological basis for creating access policies, developing internal security documentation, and automating access control and auditing in multi-tiered data warehouses.
Keywords: RBAC; role-based access; functional modeling; IDEF0; data warehouse; information security; cloud computing; multi-tiered architecture; access control.
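The following is an added illustration, not code from the article: a minimal policy model in which the abstract's key roles receive per-tier permissions across the six DWH levels, a static separation-of-duties rule blocks conflicting role pairs at assignment time, and an access decision is derived from a user's effective permissions. The per-tier permission sets, the role-pair conflicts and the tier names are assumptions chosen for illustration.

```python
from typing import Dict, Set, Tuple

# The six functional tiers of the warehouse named in the abstract.
TIERS: Tuple[str, ...] = ("sources", "collection", "integration",
                          "storage", "analytics", "user_access")

# Hypothetical per-tier permission sets for the abstract's key roles.
# This mapping is an assumption for illustration, not the paper's own policy.
ROLE_PERMS: Dict[str, Dict[str, Set[str]]] = {
    "data_steward":  {"integration": {"read", "classify"}, "storage": {"read"}},
    "etl_developer": {"sources": {"read"}, "collection": {"read", "write"},
                      "integration": {"write"}},
    "bi_analyst":    {"analytics": {"read", "query"}, "user_access": {"read"}},
    "access_admin":  {"user_access": {"grant", "revoke", "audit"}},
}

# Static separation of duties: role pairs a single user may never hold together
# (assumed constraints: whoever grants access must not also load or query data).
SOD_PAIRS = {frozenset({"etl_developer", "access_admin"}),
             frozenset({"bi_analyst", "access_admin"})}


class SoDViolation(Exception):
    """Raised when a role assignment would break a separation-of-duties pair."""


def assign_role(assignments: Dict[str, Set[str]], user: str, role: str) -> None:
    """Add a role to a user, refusing assignments that violate SOD_PAIRS."""
    if role not in ROLE_PERMS:
        raise ValueError(f"unknown role: {role}")
    held = assignments.setdefault(user, set())
    for existing in held:
        if frozenset({existing, role}) in SOD_PAIRS:
            raise SoDViolation(f"{user}: {role} conflicts with {existing}")
    held.add(role)


def effective_permissions(assignments: Dict[str, Set[str]], user: str) -> Dict[str, Set[str]]:
    """Union of per-tier permissions over all roles the user holds (least privilege view)."""
    result: Dict[str, Set[str]] = {tier: set() for tier in TIERS}
    for role in assignments.get(user, set()):
        for tier, actions in ROLE_PERMS[role].items():
            result[tier] |= actions
    return result


def permitted(assignments: Dict[str, Set[str]], user: str, tier: str, action: str) -> bool:
    """Decide an access request; an unknown tier is an error, not a silent deny."""
    if tier not in TIERS:
        raise ValueError(f"unknown tier: {tier}")
    return action in effective_permissions(assignments, user)[tier]
```

The `effective_permissions` view is what an auditor would export per user to verify that no role grants more than its tier requires.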