Role Based Access Control (RBAC)
What is role based access control?
Role based access control is the restriction of access to systems, applications and information based on the role the user is assigned.
In role based access control a user is assigned a role. With this role come various permissions. Permissions are the ability to perform certain operations. For example, if Jane Doe is assigned the role of accounts payable clerk, the payroll software will allow Jane to approve checks and issue them. It may also restrict the amount of a check Jane can approve, requiring, above some threshold, approval from the Accounts Payable Manager.
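The Jane Doe scenario above, worked through as an added example (not code from the original article): permissions hang off roles, users hang off roles, and a per-role approval ceiling turns a large check into an escalation rather than a plain allow. The role names, permission strings and the 5000 limit are constructed for illustration.

```python
"""Toy RBAC engine: roles carry permissions, users carry roles, and a
per-role approval limit escalates large checks to a higher role."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set


@dataclass(frozen=True)
class Role:
    name: str
    permissions: FrozenSet[str]
    # Hypothetical monetary ceiling for "check:approve"; None means unlimited.
    approval_limit: Optional[float] = None


# Constructed role catalogue (assumption: the payroll system defines these roles).
ROLES: Dict[str, Role] = {
    "ap_clerk": Role("ap_clerk", frozenset({"check:approve", "check:issue"}),
                     approval_limit=5000.0),
    "ap_manager": Role("ap_manager",
                       frozenset({"check:approve", "check:issue", "check:void"})),
    "viewer": Role("viewer", frozenset({"check:view"})),
}

# Users are bound to roles, never directly to permissions (constructed data).
USER_ROLES: Dict[str, Set[str]] = {
    "jane.doe": {"ap_clerk"},
    "bob.manager": {"ap_manager"},
    "sam.viewer": {"viewer"},
}


def permissions_for(user: str) -> FrozenSet[str]:
    """Union of the permissions of every role the user holds."""
    perms: Set[str] = set()
    for role_name in USER_ROLES.get(user, set()):
        perms |= ROLES[role_name].permissions
    return frozenset(perms)


def approval_limit_for(user: str) -> Optional[float]:
    """Most permissive ceiling across the user's roles (None = unlimited)."""
    limits = [ROLES[r].approval_limit for r in USER_ROLES.get(user, set())]
    if not limits:
        return 0.0  # no roles at all: nothing may be approved
    if any(limit is None for limit in limits):
        return None
    return max(limits)


def authorize(user: str, permission: str, amount: Optional[float] = None) -> str:
    """Return 'allow', 'deny', or 'escalate' (permitted, but over the limit)."""
    if permission not in permissions_for(user):
        return "deny"
    if amount is None:
        return "allow"
    limit = approval_limit_for(user)
    if limit is None or amount <= limit:
        return "allow"
    return "escalate"


if __name__ == "__main__":
    for who, perm, amt in [("jane.doe", "check:approve", 1200.0),
                           ("jane.doe", "check:approve", 12000.0),
                           ("jane.doe", "check:void", None),
                           ("bob.manager", "check:approve", 12000.0)]:
        print(who, perm, amt, "->", authorize(who, perm, amt))
```

Note that the decision is a three-way result: "escalate" means the clerk holds the permission but the amount exceeds her role's ceiling, which is exactly the case the article describes as needing the manager's approval. Adding a new clerk is a one-line change to USER_ROLES; the permission set is never edited per person.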
Roles are extremely useful because operations and permissions are assigned to the role, and a person is then assigned to the role. Hence they're easier to manage than assigning specific operations and permissions to each individual every time. Many applications, networks and databases use role based access control for this reason.
However, when enterprises try to apply role based access control across the enterprise for multiple applications, it often fails. The reason is that defining roles for fast changing operational environments with thousands or tens of thousands of users, and then assigning and managing the permissions, is very hard to do and maintain. Often, more roles end up being created than there are users.
Role based access control works best in environments where the pace of organizational and operational change is slow and where the human resource and IT security infrastructure is in place to support the definition and maintenance of roles and permissions. Examples of this include the military, government and some areas of industry where roles remain relatively constant.
MANY ROLE BASED ACCESS CONTROL PROJECTS FAIL
If you want to avoid this and instead reap the benefits of a targeted role based access control project, you should hire a consultant who has hands on experience in deploying role based access control. Set your targets for low hanging role fruit. This is usually assigning large groups of people into dynamic groups. For example, is Joan an employee or not? Is she in the Manufacturing business unit or not? Is she a US citizen or not? These are all examples of high level groups for which provisioning and portions of access control can be automated. Avoid, however, trying to go out into the enterprise and get everyone to agree on roles. This is usually a recipe for disaster.
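The "low hanging fruit" approach above, as an added example that is not part of the original article: each dynamic group is a predicate over HR attributes (employee or not, Manufacturing or not, US citizen or not), entitlements are attached to groups rather than to people, and a reconciliation pass derives what to grant and what to revoke. The group names, entitlement names and the sample HR records are constructed; the point it adds is that the same computed membership drives deprovisioning when attributes change, which is where hand-maintained group lists usually drift.

```python
"""Attribute-driven dynamic groups: membership is computed from HR data, and
coarse entitlements are provisioned and revoked from the computed membership."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Person:
    username: str
    employment_status: str  # e.g. "employee", "contractor", "terminated"
    business_unit: str
    citizenship: str


# Each dynamic group is a predicate over HR attributes, not a hand-maintained
# list (constructed group definitions mirroring the questions in the text).
DYNAMIC_GROUPS: Dict[str, Callable[[Person], bool]] = {
    "all-employees": lambda p: p.employment_status == "employee",
    "bu-manufacturing": lambda p: p.employment_status != "terminated"
    and p.business_unit == "Manufacturing",
    "us-citizens": lambda p: p.employment_status != "terminated"
    and p.citizenship == "US",
}

# Hypothetical entitlements provisioned automatically for each group.
GROUP_ENTITLEMENTS: Dict[str, Set[str]] = {
    "all-employees": {"email", "intranet"},
    "bu-manufacturing": {"mes-portal"},
    "us-citizens": {"export-controlled-docs"},
}


def groups_for(person: Person) -> Set[str]:
    """Evaluate every group predicate against the person's attributes."""
    return {name for name, rule in DYNAMIC_GROUPS.items() if rule(person)}


def entitlements_for(person: Person) -> Set[str]:
    """Desired entitlements are the union of those granted by each group."""
    desired: Set[str] = set()
    for group in groups_for(person):
        desired |= GROUP_ENTITLEMENTS[group]
    return desired


def reconcile(people: List[Person],
              current: Dict[str, Set[str]]
              ) -> Tuple[Dict[str, Set[str]], Dict[str, Set[str]]]:
    """Compare current entitlements with the computed ones.

    Returns (grants, revokes) keyed by username, so a change in HR attributes
    (transfer, termination) both adds and removes access without anyone
    editing group lists by hand.
    """
    grants: Dict[str, Set[str]] = {}
    revokes: Dict[str, Set[str]] = {}
    known = {p.username for p in people}
    for person in people:
        desired = entitlements_for(person)
        have = current.get(person.username, set())
        if desired - have:
            grants[person.username] = desired - have
        if have - desired:
            revokes[person.username] = have - desired
    # Accounts holding entitlements with no HR record at all are revoked entirely.
    for username, have in current.items():
        if username not in known and have:
            revokes[username] = set(have)
    return grants, revokes


# Constructed sample HR feed and current entitlement state.
PEOPLE = [
    Person("joan", "employee", "Manufacturing", "US"),
    Person("raj", "contractor", "Manufacturing", "IN"),
    Person("kim", "terminated", "Finance", "US"),
]
CURRENT = {
    "joan": {"email"},
    "raj": {"email", "mes-portal"},
    "kim": {"email", "intranet", "export-controlled-docs"},
    "ghost": {"intranet"},
}

if __name__ == "__main__":
    grants, revokes = reconcile(PEOPLE, CURRENT)
    print("grant:", grants)
    print("revoke:", revokes)
```

In the sample run, Joan picks up the three entitlements her attributes imply, Raj loses the mailbox a contractor should never have held, Kim's terminated record strips everything, and the orphan "ghost" account with no HR record is revoked outright. None of this required getting the enterprise to agree on fine-grained roles; it only required trustworthy HR attributes and a predicate per group.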