1.1.3 Role-Based Access Control (RBAC)
Role-Based Access Control49 (RBAC) allows you to define permissions and privileges based on a users functional role within the organization or community. One of the most challenging problems in managing large networked systems is the complexity of security administration. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications.
With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, such as human resources rep or accounts payable data entry clerk, and each role is assigned one or more privileges that are permitted to users in that role, such as the right to access certain applications.
Security administration with RBAC consists of determining the operations that must be executed by persons in particular positions, assigning employees to the proper roles, and then granting the required permissions to each role. Complexities introduced by mutually exclusive roles or by role hierarchies are handled by the RBAC software, making security administration easier. Additionally, administrative burdens are reduced because when a user is added or deleted from the system, it is not necessary to go to every access control rule involving that user, and update it. Instead, adding the user to the appropriate roles (or deleting them) automatically includes (or excludes) the user in the appropriate access lists.
Some operating systems, such as UNIX and Windows, implement a degree of role-based security by placing each user into one or more groups defining that users role in the organization, and controlling access to files and other objects by granting permissions to certain groups.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.