RBAC - Role Based Access Control

By: Christine Martz

RBAC, "Role Based Access Control", is used to control a user's access to files or other resources based on the user's roles in the organization. Its main purpose is to limit access to a resource. The resource owner assigns permissions to the resource, but roles are assigned by some authority, for example the IT department or the personnel department. Every user on the system is assigned a role; users without roles cannot take any action on the system.

With RBAC, roles can be hierarchical, so that an employee who is assigned the role of manager of the advertising department also holds the roles of member of the advertising department and of employee. Before a user can take on a role, that role must be authenticated for that user. Users can take an action only if that action is authorized for the role they have authenticated into.

Role-based access control (also called role-based security) was introduced in 1992 by Ferraiolo and Kuhn and has become the most widely used model for advanced access control because it reduces the complexity and cost of security administration.
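The model described above (roles assigned by an authority, permissions attached to resources by their owners, hierarchical roles, role activation before use, and deny-by-default for users without a role) is small enough to implement directly. The following is an added illustration written for this page, not code from the article or from any product it mentions; the role names, users and resources are constructed sample data.

```python
"""Minimal hierarchical RBAC model (added illustration, not the page's own code).

Constructed example: an "employee" role, an "advertising_member" role that
inherits from it, and an "advertising_manager" role that inherits from both.
A user may only activate a role the authority has assigned to them, and an
action is permitted only if some activated role carries that permission.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# A permission is an (operation, resource) pair, e.g. ("read", "handbook").
Permission = Tuple[str, str]


@dataclass
class RBAC:
    # role -> the junior roles it inherits permissions from
    parents: Dict[str, Set[str]] = field(default_factory=dict)
    # role -> permissions attached directly to that role
    role_perms: Dict[str, Set[Permission]] = field(default_factory=dict)
    # user -> roles the administering authority has assigned
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)

    def add_role(self, role: str, inherits=()) -> None:
        for junior in inherits:
            if junior not in self.parents:
                raise KeyError(f"unknown junior role {junior!r}")
        self.parents[role] = set(inherits)
        self.role_perms.setdefault(role, set())

    def grant(self, role: str, operation: str, resource: str) -> None:
        """The resource owner attaches a permission to a role."""
        if role not in self.parents:
            raise KeyError(f"unknown role {role!r}")
        self.role_perms[role].add((operation, resource))

    def assign(self, user: str, role: str) -> None:
        """The authority (e.g. IT or personnel) assigns a role to a user."""
        if role not in self.parents:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def effective_roles(self, role: str) -> Set[str]:
        """A role plus every role it inherits from, transitively."""
        seen, stack = set(), [role]
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            stack.extend(self.parents.get(current, ()))
        return seen

    def activate(self, user: str, role: str) -> Set[str]:
        """Authenticate that the role belongs to the user; return the active role set."""
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{user!r} is not assigned role {role!r}")
        return self.effective_roles(role)

    def check(self, user: str, role: str, operation: str, resource: str) -> bool:
        """Deny by default: allow only if an activated role carries the permission."""
        try:
            active = self.activate(user, role)
        except PermissionError:
            return False
        return any((operation, resource) in self.role_perms[r] for r in active)


def build_sample() -> RBAC:
    """Constructed sample hierarchy and assignments (not from the article)."""
    rbac = RBAC()
    rbac.add_role("employee")
    rbac.add_role("advertising_member", inherits=["employee"])
    rbac.add_role("advertising_manager", inherits=["advertising_member"])
    rbac.grant("employee", "read", "handbook")
    rbac.grant("advertising_member", "read", "campaign_plan")
    rbac.grant("advertising_manager", "approve", "campaign_budget")
    rbac.assign("alice", "advertising_manager")
    rbac.assign("bob", "advertising_member")
    # "carol" is a known user with no role: every check for her is denied.
    return rbac


if __name__ == "__main__":
    r = build_sample()
    print("alice approves budget:", r.check("alice", "advertising_manager", "approve", "campaign_budget"))
    print("alice reads handbook (inherited):", r.check("alice", "advertising_manager", "read", "handbook"))
    print("bob approves budget:", r.check("bob", "advertising_member", "approve", "campaign_budget"))
    print("bob activates manager role:", r.check("bob", "advertising_manager", "read", "handbook"))
    print("carol reads handbook:", r.check("carol", "employee", "read", "handbook"))
```

The separation of duties in the article is visible in the API: `grant` is the resource owner's operation, `assign` is the authority's, and `activate` is the per-session step that rejects a role the user was never given, so a user with no role (`carol`) and a user asking for a role above their own (`bob` as manager) are both refused before any permission lookup happens.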

Other Related Definitions:

“…Adopted from Sun's Trusted Solaris offering, RBAC has its roots in military and government computing systems where operations are more tightly controlled than in a typical commercial UNIX environment. Like sudo, RBAC allows sys admins the flexibility to grant users superuser privileges on a per-command basis.” [Ross Oliver - Sys Admin Magazine]

“…Simply defined, RBAC is a security tool to allow any non-root users access to complete tasks, scripts, and so on, with superuser privileges. For example, you have a second-shift operator who has been tasked to reboot some servers. RBAC can be used to set up permissions for the operator to carry out this task, which normally requires superuser authority. This is done simply by first creating a user, or defining an existing user. Next, a role and profile are created, and the profile is assigned to the role. After the profile has been assigned to a valid role, the role is now assigned to the OS user. The profile will have associated with it the task or script that is required to be run.” [Kristopher M. March - Electronic Data Systems]

“…Role-based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications. The concept and design of RBAC is perfectly suited for use on both intranets and internets. It provides a secure and effective way to manage access to an organization's Web information. This paper describes a research effort to develop RBAC on the Web. The security and software components that provide RBAC for networked servers using Web protocols have been implemented and are described in this paper. The RBAC components can be linked with commercially available web servers, and require no modification of the server software.” [National Institute of Standards and Technology]

“…Cost and inefficiency are among the factors that have propelled role-based access control (RBAC) to the forefront of identity access management strategies. Driven by advanced technology and built on secure data repositories, the RBAC model provides a scalable, enterprise-wide control process for managing IT assets and controlling user access according to their roles and the attributes attached to those roles. While challenging to design and implement, RBAC systems can be tailored to each organization's unique business model and risk tolerance relative to data security. Once implemented, they require minimal maintenance, which goes a long way towards stemming the rising tide of IT costs.” [Trey Guerin and Richard Lord - Portals Magazine]

Related Links:

RBAC - Role-Based Access Control for the Web.
Access Control 101 - Understanding Access Control.
RBAC Identity Management - Role-based access control delivers information security and business benefits.
Custom Roles - Using RBAC in the Solaris OS

Technical Resources:

RBAC Standards Roadmap - A list of RBAC standards activities.
RBAC Version 1.0 - XACML Profile for Role Based Access Control.
VA RBAC and Role Engineering site - Documentation, Scenarios, Steps, Permissions and Data Forms.
RBAC Case Studies - in IT infrastructure, financial systems, health care and HIPAA compliance, government and military.

Products and Solutions:

Books About:

Role-Based Access Control - by David F. Ferraiolo
Information Security Roles & Responsibilities Made Easy, Version 2 - by Charles Cresson Wood

See Also:

Other RBAC Related Resources


(C) Copyright Birds-Eye.Net, All rights reserved.