Fernandez, Minjie Hua.

When there are a large number and a variety of users in a system, the authorization rules for these users will become too difficult and cumbersome to maintain and the evaluation algorithm would not be efficient. Also, it is hard for security administrators to understand why a specific user is given a set of rights. In this thesis we develop group structures to solve these problems. Groups of users rather than individual users are subjects that receive access rights from the authorization system. We present structurings and primitives for user groups. Although they are presented in the context of an object-oriented database system they are general and could be applied to other data model, and even in operating systems.