The owner can always propagate an access right. However, we can also enable others to do so. Let $r$ be an access right - $r^*$ is the access right when its holder can propagate it - if $r^* \in ACM[s,o]$ - then $r$ or $r^*$ can be granted by $s$ to another subject $s^`$ - This means $s$ can grant permissions for $s^`$ to either have the role or be able to propagate the role - $r^+$ is the access right when its holder can revoke it - if $r^+ \in$ in $ACM[s,o]$ then - $r$ or $r^+$ can be deleted by $s$ from $ACM[s^`, o]$ - This means $s$ can revoke permissions for $s^`$ to either have the role or be able to revoke the role