Role-based access control (RBAC) assigns system permissions to roles and assigns users to appropriate roles, simplifying permission management. RBAC defines roles as a set of users and permissions, whereas user groups are only defined as a set of users. RBAC was originally developed for multi-user computer systems and interest has grown due to the need for customizable RBAC management facilities that range from simple to complex.
Copyright:
Attribution Non-Commercial (BY-NC)
Application Using Role Based Access Control
ABSTRACT
Role Based Access Control (RBAC) is an access control mechanism in which permissions are associated with roles, and users are made members of appropriate roles. This greatly simplifies management of permissions. Roles are closely related to the concept of user groups in access control. However, a role brings together a set of users on one side and a set of permissions on the other, whereas user groups are typically defined as a set of users only. The basic concepts of RBAC originated with early multi-user computer systems. The resurgence of interest in RBAC has been driven by the need for general-purpose customizable facilities for RBAC and the need to manage the administration of RBAC itself. As a consequence, RBAC facilities range from simple to complex.
In its early days Role Based Access Control inspired several security frameworks, but it gained popularity only after NIST proposed a standard. Even so, security is still an afterthought in application development. NIST suggests integrating the RBAC security framework during the design phase of software development. This greatly simplifies the management of security after the application is developed, and it takes less effort than is otherwise necessary for security policy enforcement.
Role Based Access Control is an alternative to traditional access mechanisms such as Mandatory Access Control, Discretionary Access Control and Ownership Based Control. Role Based Access Control has various advantages over the traditional access control mechanisms, as it has provisions for addressing issues like separation of duties and emergency authorizations. We will be building a web based policy management tool for the creation and management of security policies, and simultaneously consider and build an example Management Information System (e.g., banking) for enforcing and validating the access control exercised by the policies built by the Policy Manager.
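The role model and separation-of-duties provision described in the abstract, sketched as an added example (not code from the original document or its policy tool). The class names, the banking roles and users, and the static "a user may hold fewer than n of these roles" rule are assumptions made for illustration.

```python
class PolicyError(Exception):
    """Raised when a role assignment would violate the policy."""

class RBACPolicy:
    def __init__(self):
        self.role_perms = {}  # role -> set of (operation, object) permissions
        self.user_roles = {}  # user -> set of roles
        self.ssd = []         # (conflicting role set, cardinality n) constraints

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def add_ssd(self, roles, n=2):
        # Static separation of duty: a user may hold fewer than n of these roles.
        self.ssd.append((frozenset(roles), n))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise PolicyError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        for roles, n in self.ssd:
            held = proposed & roles
            if len(held) >= n:
                raise PolicyError(f"SSD violation for {user}: {sorted(held)}")
        self.user_roles[user] = proposed  # committed only if every check passed

    def check(self, user, operation, obj):
        # Users hold no direct permissions; access flows only through roles,
        # and an unknown user has no roles, so the default is deny.
        return any((operation, obj) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))

def build_bank_policy():
    # Constructed sample policy for a hypothetical banking system.
    p = RBACPolicy()
    p.add_role("teller", [("create", "transfer"), ("read", "account")])
    p.add_role("approver", [("approve", "transfer"), ("read", "account")])
    p.add_role("auditor", [("read", "audit_log")])
    p.add_ssd({"teller", "approver"})  # nobody both creates and approves
    p.assign("alice", "teller")
    p.assign("bob", "approver")
    p.assign("bob", "auditor")
    return p

if __name__ == "__main__":
    policy = build_bank_policy()
    print(policy.check("alice", "create", "transfer"))
    print(policy.check("alice", "approve", "transfer"))
    try:
        policy.assign("alice", "approver")
    except PolicyError as err:
        print("rejected:", err)
```

Because the conflict is checked at assignment time, a rejected assignment leaves the user's existing roles unchanged.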