“…To overcome this issue, two alternative approaches are available: either (a) identify a fragment of the access control policies admitting a decision procedure for a restricted version of the safety problem or (b) consider unrestricted policies and design heuristic (albeit incomplete) methods capable of solving practically relevant instances of the general safety problem. For instance, several techniques for alternative (a) have been proposed for administrative models of Role-Based Access Control (RBAC) policies [33] as witnessed by a long stream of papers, e.g., [21,3,38,24,39,6,1,7,18,15,31,28,44]; whereas alternative (b) has been less investigated (see, e.g., [4,5]).…”