Role Based Access Control
In computer systems security, role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as viewing, creating, or modifying a file. Roles are defined according to job competency, authority, and responsibility within the enterprise. RBAC is used by the majority of enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).
Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user or changing a user's department.
Three primary rules are defined for RBAC:

1. Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.

2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.

3. Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized.
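The following is an added example, not code from the original post: a small Python RBAC engine that enforces the three rules above and also shows the "changing a user's department" operation from the earlier paragraph as a role swap. The role names, user names and permission strings (accountant, hr_clerk, invoice:approve, and so on) are constructed for illustration. A session holds the roles a user has activated; every permission check is re-validated against the live policy so that a revoked role stops granting access immediately rather than at the next login.

```python
"""Minimal RBAC engine enforcing the three rules from the post.

Added example, not code from the original post. Roles, users and
permission names below are constructed for illustration.
"""
from dataclasses import dataclass, field


class RbacError(Exception):
    """Raised when a role activation or permission check violates a rule."""


@dataclass
class RbacPolicy:
    """Role definitions and user-to-role assignments (the administrator's view)."""
    role_permissions: dict = field(default_factory=dict)  # role -> {permission}
    user_roles: dict = field(default_factory=dict)        # user -> {role}

    def define_role(self, role, *permissions):
        self.role_permissions.setdefault(role, set()).update(permissions)

    def assign_role(self, user, role):
        if role not in self.role_permissions:
            raise KeyError(f"undefined role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def change_department(self, user, old_role, new_role):
        """Moving a user between departments is a role swap, not a permission edit."""
        self.revoke_role(user, old_role)
        self.assign_role(user, new_role)


@dataclass
class Session:
    """A subject's session: one user plus the roles activated so far."""
    policy: RbacPolicy
    user: str
    active_roles: set = field(default_factory=set)

    def activate(self, role):
        # Rule 2 (role authorization): only roles assigned to this user may be activated.
        if role not in self.policy.user_roles.get(self.user, set()):
            raise RbacError(f"{self.user} is not authorized for role {role!r}")
        self.active_roles.add(role)

    def check(self, permission):
        # Re-validate against the live policy so a revoked role stops working
        # immediately, not at the next login.
        authorized = self.policy.user_roles.get(self.user, set())
        live_roles = self.active_roles & authorized
        # Rule 1 (role assignment): no active, authorized role -> no permission.
        if not live_roles:
            return False
        # Rule 3 (permission authorization): the permission must be granted to
        # at least one active role; users never hold permissions directly.
        return any(permission in self.policy.role_permissions[r] for r in live_roles)

    def require(self, permission):
        if not self.check(permission):
            raise RbacError(f"{self.user} lacks permission {permission!r}")


def build_example_policy():
    """Constructed sample: two departments, three roles."""
    p = RbacPolicy()
    p.define_role("accountant", "invoice:view", "invoice:approve")
    p.define_role("hr_clerk", "employee:view", "payroll:run")
    p.define_role("admin", "user:create", "role:assign")
    p.assign_role("alice", "accountant")
    p.assign_role("bob", "hr_clerk")
    return p


def demo():
    """Walk through the three rules; returns a dict of outcomes for inspection."""
    policy = build_example_policy()
    alice = Session(policy, "alice")
    results = {}
    results["no_active_role"] = alice.check("invoice:view")        # rule 1 -> False
    alice.activate("accountant")
    results["own_permission"] = alice.check("invoice:approve")     # rule 3 -> True
    results["other_dept_permission"] = alice.check("payroll:run")  # -> False
    try:
        Session(policy, "bob").activate("admin")                   # rule 2 violation
        results["unauthorized_activation"] = "allowed"
    except RbacError:
        results["unauthorized_activation"] = "denied"
    # Department change: a single role swap; alice's open session loses the old rights.
    policy.change_department("alice", "accountant", "hr_clerk")
    results["after_move_old"] = alice.check("invoice:approve")     # -> False
    alice.activate("hr_clerk")
    results["after_move_new"] = alice.check("payroll:run")         # -> True
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design choices are worth noting. First, `check` intersects the session's active roles with the user's currently assigned roles rather than trusting the session alone, which is what makes revocation and department changes take effect at the next request. Second, `change_department` touches only the user-to-role mapping; the permission sets on the roles are never edited per user, which is exactly the management simplification the post describes.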
Very nice post but it will be better if you illustrate the examples also.
Thank you for your comment. I will add some useful examples very soon.