This paper describes a corrected and simplified specification of role-based access control (RBAC) based on the specification in the ANSI standard for RBAC. We give a complete specification of core RBAC, explaining the methodology we used in developing it; we then give a complete specification of hierarchical RBAC, with an additional option for managing the relationship on roles; and we also describe a specification of constrained RBAC, making extension relationships among RBAC components clear. We compare our specification with the standard and point out errors and unnecessary complications we found. We also describe the principles for developing clear and simpler specifications, and summarize our method and results for generating efficient implementations.