Scribd Logo
Upload

Welcome to Scribd!

  • Policy Management in Enterprise Application

    Uploaded by

    api-3708545
    36 views2 pages
    Role-based access control (RBAC) assigns system permissions to roles and assigns users to appropriate roles, simplifying permission management. RBAC defines roles as a set of users and permissions, whereas user groups are only defined as a set of users. RBAC was originally developed for multi-user computer systems and interest has grown due to the need for customizable RBAC management facilities that range from simple to complex.

    Original Description:

    Project Synopsis

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Role-based access control (RBAC) assigns system permissions to roles and assigns users to appropriate roles, simplifying permission management. RBAC defines roles as a set of users and permissions, whereas user groups are only defined as a set of users. RBAC was originally developed for multi-user computer systems and interest has grown due to the need for customizable RBAC management facilities that range from simple to complex.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    36 views2 pages

    Policy Management in Enterprise Application

    Uploaded by

    api-3708545
    Role-based access control (RBAC) assigns system permissions to roles and assigns users to appropriate roles, simplifying permission management. RBAC defines roles as a set of users and permissions, whereas user groups are only defined as a set of users. RBAC was originally developed for multi-user computer systems and interest has grown due to the need for customizable RBAC management facilities that range from simple to complex.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Policy Management in Enterprise

    Application
    Using Role Based Access Control.
    ABSTRACT

    Role Based access control (RBAC) is


    an access control mechanism in which permissions are
    associated with roles, and users are made members of
    appropriate roles. This greatly simplifies management of
    permissions. Roles are closely related to the concept of
    user groups in access control. However, a role brings
    together a set of users on one side and a set of permissions
    on the other, whereas user groups are typically defined as
    a set of users only. The basic concepts of RBAC originated
    with early multi-user computer systems. The resurgence of
    interest in RBAC has been driven by the need for general-
    purpose customizable facilities for RBAC and the need to
    manage the administration of RBAC itself. As a
    consequence RBAC facilities range from simple to complex.

    In earlier days Role Based Access Control


    inspired several security frameworks but it gained its
    popularity only after NIST proposed a standard. But still the
    security aspect is still an afterthought in case of
    application development. NIST suggests the integration of
    RBAC security framework during the design phase of
    software development. This greatly simplifies the
    management of security after the application is developed
    and it takes fewer efforts than is necessary for security
    policy enforcement.

    Role Based Access Control is an alternative to


    the traditional access mechanism such as Mandatory
    Access Control, Discretionary Access Control and
    Ownership Based Control. The Role Based Access Control
    has various advantages over the traditional Access Control
    mechanisms as it has the provisions for addressing the
    issues like separation of duties and emergency
    authorizations. We will be building a web based policy
    management tool for creation and management of security
    policies and simultaneously consider and build an example
    Management Information System e.g., Banking for
    enforcing and validating the access control exercised by
    the policies build by the Policy Manager.

    You might also like