# example domain 1

@keywords a.

@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rbac:  <http:/dig.csail.mit.edu/2007/rowlbac/approach2/rbac#> .
@prefix :  <http:/dig.csail.mit.edu/2007/rowlbac/approach2/ex1domain#> .

# role descriptions 
# each role in the domain is an instance of the Role class
# role hierarchy is defined using subRole property

UnivPerson a rbac:Role.
Faculty a rbac:Role;
    rbac:subRole UnivPerson.
Student a rbac:Role;
    rbac:subRole UnivPerson.
UnderGradStudent a rbac:Role;
    rbac:subRole Student.
GradStudent a rbac:Role;
    rbac:subRole Student.
PrincipalInvestigater a rbac:Role;
    rbac:subRole UnivPerson.

# static sepatation of duties
PrincipalInvestigater rbac:ssod Student.

# dynamic separation of duties
# though you can be a student and a faculty, you cannot activate them in
# the same session
Faculty rbac:dsod Student.

#ends