“…Our sources for these can be classified into three. (1) top-down design of RBAC policies [3,15,16,17], (2) role mining and engineering [18,19,20,21,22,23,24,25], and, (3) evaluation of approaches to access-enforcement [4,5,8]. We also have created some new kinds of policies based on policies from the literature.…”