ROLE BASED ACCESS CONTROL
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. It restricts the system access to authorized users only. It was developed to overcome the complexities of managing individual user permissions and their assignments. Security administration of large systems is complex, but it can be simplified by a role-based access control approach. A family of increasingly complex models shows how RBAC works. Users and RolesIn this context, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file. Roles are defined according to job competency, authority, and responsibility within the enterprise. Access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from users in an organization. Role establishment and deletion depends on the organizational functions change. In RBAC, roles can be easily created, changed, or discontinued as the needs of the enterprise evolve, without having to individually update the privileges for every user.Three primary rules are defined for RBAC:1. ROLE ASSIGNMENT: A subject can exercise permission only if the subject has selected or been assigned a role.2. ROLE AUTHORIZATION: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.3. PERMISSION AUTHORIZATION: A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized.Roles and Role HierarchiesUnder RBAC, roles can have overlapping responsibilities,...
Please join StudyMode to read the full document