# cwm ex2domain.n3 ex2data.n3 ex2session.n3 rpo-rules.n3 rbac.n3 --think --filter="rbac.n3"
# session 1 of example domain 2

# "@keywords a." makes "a" the only bare keyword; every other unprefixed name in
# this file (MaryFaculty, KarenStudent, ...) is read as a local name in the
# default ":" namespace declared below.
@keywords a.

# Namespaces shared with the other files named on the cwm command line in the header.
# NOTE(review): the rbac:, ex:, data: and ":" IRIs are written with "http:/"
# (single slash), unlike owl: and rdfs:. IRIs are compared as plain strings, so
# these must be spelled exactly the same way in the domain, data and rule files;
# a mismatch would presumably make the access-control rules fail to match without
# any error being raised -- confirm against those files.
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rbac:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/rbac#> .
@prefix ex:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex2domain#> .
@prefix data:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex2data#> .
@prefix :  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex2session#> .

# possible roles
#Mary a ex:Faculty, ex:Student. # dynamic separation of duty applies if both are activated together
#Karen a ex:Student, ex:PrincipalInvestigater. # violation: static separation of duty
#Ted a ex:Faculty.

# Session action: Mary requests activation of the Faculty role.
# MaryFaculty is an instance of rbac:ActivateRole; rbac:subject names the user
# making the request (data:Mary) and rbac:object names the role (ex:Faculty).
# This file only states the request. Whether it is granted is decided by the
# rules loaded alongside it (presumably rbac.n3, per the header command -- confirm).
MaryFaculty a rbac:ActivateRole;
   rbac:subject data:Mary;
   rbac:object ex:Faculty.

# Session action: Karen requests activation of the Student role.
# KarenStudent is an instance of rbac:ActivateRole with rbac:subject data:Karen
# and rbac:object ex:Student. The commented role list at the top of this file
# shows Student as one of Karen's possible roles.
KarenStudent a rbac:ActivateRole;
   rbac:subject data:Karen;
   rbac:object ex:Student.

# Negative test case: Karen requests activation of the Faculty role.
# Not permitted, because Faculty is not one of Karen's possible roles.
# NOTE(review): the request is still asserted as data in the session graph.
# The denial has to come from the rules, so they should derive an active role
# only from a permitted activation and never from the mere presence of an
# rbac:ActivateRole instance -- verify against rbac.n3.
KarenFaculty a rbac:ActivateRole;
   rbac:subject data:Karen;
   rbac:object ex:Faculty.

# Session action: Mary requests deactivation of the Faculty role.
# MaryFacultyDeactivate is an instance of rbac:DeactivateRole with the same
# subject (data:Mary) and object (ex:Faculty) as the MaryFaculty activation.
# NOTE(review): statements in an N3 file carry no order, so nothing here says
# that this deactivation happens after the activation. How the two are
# reconciled depends on the rules -- confirm.
MaryFacultyDeactivate a rbac:DeactivateRole;
   rbac:subject data:Mary;
   rbac:object ex:Faculty.

# Session action: Mary requests activation of the Student role while a Faculty
# activation for her is also present in this session.
# The original author marks this as a dynamic separation of duty (DSOD) violation.
# NOTE(review): a Faculty deactivation for Mary is asserted in this file too.
# Whether the rules still report a DSOD violation in that case cannot be told
# from this file -- confirm against the rule output.
MaryStudent a rbac:ActivateRole; # violation of DSOD (dynamic separation of duty)
   rbac:subject data:Mary;
   rbac:object ex:Student.

# Access check: can Karen print on the faculty printer?
# KarenPrint is an instance of the action class data:PrintOnFacultyPrinter with
# rbac:subject data:Karen. The permit or deny decision is not stated here; it is
# whatever the rules infer from Karen's active roles.
KarenPrint a data:PrintOnFacultyPrinter; rbac:subject data:Karen.

# Access check: can Mary print on the faculty printer?
# MaryPrint is an instance of the action class data:PrintOnFacultyPrinter with
# rbac:subject data:Mary. The permit or deny decision is not stated here; it is
# whatever the rules infer from Mary's active roles.
MaryPrint a data:PrintOnFacultyPrinter; rbac:subject data:Mary.

#ends

