Role-Based Access Control (RBAC) has been widely applied to authorize certain users to access certain data or resources within complex systems. Several issues arose during the applications of RBAC models, which include the constraints applied in user-role assignments and role-role relations, revoking redundant roles and assignments, etc. These problems bring high costs in RBAC management. This paper addresses these problems from the perspective of visualization in order to enhance role management in RBAC, particularly leveraging the experience of DAG visualization and the administrative cost. A detailed problem statement is made first, and then a DAG normalization process is proposed to construct a refined role hierarchy. Subsequently, a two-layered paradigm, the lower for displaying role hierarchy and permissions, and the upper for placing users, is presented for the visualization of role management in RBAC. Additionally, some specific interaction techniques are put forward to visually aid in solving the constraint and redundancy problems. A two-stage user observation conducted in laboratory environment suggests the effectiveness and usability of the prototype system for the security administrator in role management of RBAC.
