Role Based Access Control (RBAC)
Role-based access control is an approach in which access to systems is restricted according to the authority a user has been given. It is used by organizations with a relatively large number of employees, ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). It is implemented through either mandatory access control (MAC) or discretionary access control; these are the only two ways in which role-based access control can be implemented.
Roles are normally created for the varying business roles or functions. Performance of certain activities is limited to certain job roles or functions. Staff members tasked with such activities are given user accounts unique to them for carrying out these roles (Ferraiolo, Kuhn & Chandramouli, 2003). This is normally at the discretion of the immediate supervisor, in dialogue with the overall supervisor of the particular division or department.
The level of clearance varies with how sensitive the information is. The information could be top secret, which is information that could lead to extremely dire consequences if released; secret information, which could cause serious damage if released; confidential information, which could cause exceptional damage; and lastly unclassified information, which has no form of restriction attached to it.
Role-based access control eases the implementation of MAC systems mainly because of its flexible nature. A user's access can be varied through various means. For example, withdrawing specific rights from an individual in a particular role eases MAC implementation: if the individual given the right changes or no longer has integrity, his or her access privileges can be revoked. This is essential in MAC implementation, as privileges or system rights can be configured and reconfigured.
Traditional role-based security is applied in settings where the priority is the integrity of the information provided or obtained rather than its secrecy. This does not make the need to keep information secret any less important, nor does it reduce the advantages of role-based protection for keeping information secret. With added rules governing how information is kept up to date, read operations, and access to information, we can still meet the requirements of MAC. It is, therefore, possible to implement MAC through role-based access control.
MAC uses provisions that are normally hard coded and incorporated into an activity or application. RBAC makes MAC implementation easier owing to the fact that it is scalable. This is viable provided that the organization has a structure that is organized and well laid out, and that structure should be documented to make implementation easier. This shows that RBAC supports a hierarchical structure, which is of great use to MAC implementation.
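The claim that MAC can be implemented through roles can be made concrete with a short sketch. This is an added example, not taken from the essay or its sources. It assumes the MAC policy is the common "no read up, no write down" rule over the four classification levels listed earlier; the class, method and role names are hypothetical.

```python
# Added illustration: MAC expressed purely through RBAC roles (names are hypothetical).
LEVELS = ["unclassified", "confidential", "secret", "top secret"]  # lowest to highest

def build_roles(levels=LEVELS):
    """Map each role to its (operation, level) permissions.

    read@L inherits the read permissions of every lower level (role hierarchy);
    write@L covers L and above only, so information never flows downward.
    """
    roles = {}
    for i, lvl in enumerate(levels):
        roles[f"read@{lvl}"] = {("read", l) for l in levels[: i + 1]}
        roles[f"write@{lvl}"] = {("write", l) for l in levels[i:]}
    return roles

class MacViaRbac:
    def __init__(self, levels=LEVELS):
        self.levels = list(levels)
        self.roles = build_roles(self.levels)
        self.assigned = {}  # user -> set of role names

    def grant_clearance(self, user, clearance):
        # A cleared user may work at the clearance level or at any level below it.
        top = self.levels.index(clearance)
        self.assigned[user] = {f"{op}@{l}" for l in self.levels[: top + 1]
                               for op in ("read", "write")}

    def revoke(self, user):
        # Reconfiguring privileges is just removing the role assignment.
        self.assigned.pop(user, None)

    def open_session(self, user, level):
        # Constraint: a session activates exactly the read/write pair of ONE level.
        pair = {f"read@{level}", f"write@{level}"}
        if not pair <= self.assigned.get(user, set()):
            raise PermissionError(f"{user} is not cleared for {level}")
        return frozenset(pair)

    def check(self, session, op, level):
        return any((op, level) in self.roles[r] for r in session)

if __name__ == "__main__":
    ac = MacViaRbac()
    ac.grant_clearance("alice", "secret")  # constructed user
    s = ac.open_session("alice", "secret")
    for op, lvl in [("read", "confidential"), ("read", "top secret"),
                    ("write", "top secret"), ("write", "confidential")]:
        print(op, lvl, ac.check(s, op, lvl))
```

The session constraint is what carries the MAC guarantee: if a user could activate read@secret together with write@unclassified, secret data could be copied downward even though each role is harmless on its own.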
Ferraiolo, D., Kuhn, D.R., & Chandramouli, R. (2003). Role-based access control. Boston: Artech House.
Sieunarine, C. V., & University of Oxford. (2011). Evolving access control: Models and analysis. Oxford Press.