Abstract: Role-based administrative models have been discussed for decentralized management in large RBAC (role-based access control) systems. The latest UARBAC model has significant advantages over other models. Due to hierarchy relationships, administrative operations in UARBAC imply permissions. By analyzing this implicit authorization, two flaws in definition and one implementation flaw are found in UARBAC: being unable to create objects, dangling references, and not supporting least authorization. The paper corrects the definitions of administrative operations for the former two. Least authorization in UARBAC is defined as the minimal role match problem. The paper proves that the problem is NP-hard and gives a feasible greedy algorithm. The method will help the administrator use appropriate operations to achieve the least role assignment.