Attribute-based Access Control (ABAC) has been emerging as a suitable choice for large and federated enterprises due to its flexibility in expressing various types of security policies. Improved flexibility, however, results in higher design complexity and consequently, possibility of undesired flow of information. Reliance of access decision on the attribute values of subjects, objects and environment underscores the need for a formal way of managing attribute assignment in ABAC systems. Since large enterprises potentially have hundreds of subjects and thousands of resources, centralized management of attribute assignment is inexpedient. This paper introduces an attribute-based administrative model that supports decentralized administration of ABAC systems. The proposed model consists of a number of operations to administer the set of subjects and the set of subject attribute assignments in an ABAC system. We then suggest a methodology for analyzing the security properties of ABAC using Alloy analyzer in the presence of the proposed administrative model.