
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > How do role-based access control methods authorize user accounts?

Ask The Security Expert: Questions & Answers

EMAIL THIS

How do role-based access control methods authorize user accounts?

EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 21 November 2006
What is role-based access control?

BROWSE BY TAG

Identity Management and Access Control, Web Authentication and Access Control, Enterprise Identity and Access Management, Identity Management Technology and Strategy, Active Directory and LDAP Security, Expert Archive: Identity Management and Access Control, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	Learn about enterprise strategy for server virtualization single sign-on
	Employee information security awareness training for new IAM systems
	Can you combine RFID tag technology with GPS to track stolen goods?
	Is there a free enterprise-caliber password-management tool?
	Cryptosystem attacks that do not involve obtaining the decryption key
	Can any firm or organization get a digital signature certificate?
	Should the CTO have domain administrator access?
	Does password sharing in international branches violate SOX?
	What are best practices for secure password distribution after a data breach?
	Is it possible to encrypt CDs and DVDs as well as SD cards?

Web Authentication and Access Control

Changing times for identity management

How to use single sign-on for Web access control to prevent malware

IBM USB banking device stops keyloggers, malware

Can mutual authentication beat phishing or man-in-the-middle attacks?

Could someone place a rootkit on an internal network through a router?

Sun launches open source OpenSSO for identity management

Should a new user have to confirm an email address to gain access?

Shared Identity Providers Could Soothe Password Chaos

Users can no longer reach any Microsoft login site. Any ideas?

Vista WIL: How to take control of data integrity levels

Active Directory and LDAP Security

Using IAM tools to improve compliance

Ease the compliance burden with automation

Changing times for identity management

Product Review: Symark PowerADvantage 1.5

Do the Group Policy Object and 'Password Never Expires' flag interact?

Directory services and beyond: The future of LDAP

What are the benefits of identity managed as a service?

Enterprise role management: Trends and best practices

Identity Management Suites Enable Integration, Interoperability

What should an internal support model for identity management look like?

Active Directory and LDAP Security Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

access log (SearchSecurity.com)

anonymous Web surfing (SearchSecurity.com)

authentication, authorization, and accounting (SearchSecurity.com)

identity chaos (SearchSecurity.com)

knowledge-based authentication (SearchSecurity.com)

multifactor authentication (MFA) (SearchSecurity.com)

walled garden (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Role-based access control, or RBAC, is an access-control method that places a user into a group sharing identical access levels to a system. With RBAC, the user already has an individual account on the system, but is also added to a group that has access to the same resources.

RBAC relates more to authorization rather than authentication. Authentication verifies the user's account on the system, usually with an identity credential, like a user ID and password. Authorization verifies what data the user is allowed to access after being authenticated.

If a user is authenticated and has access to the system, it doesn't necessarily mean that he or she has access to everything on it.

Groups are assigned based on the security needs of a business or organization. There is no cookie-cutter approach to RBAC. It has to be tailor-made for each system, but that's not necessarily a bad thing. You wouldn't want your marketing staff, for example, to have access to payroll information that should only be visible to, say, human resources. Nor would you want human resources to know about upcoming marketing promotions that should be kept under wraps. With RBAC, everyone, including human resources and marketing, would have their own individual accounts, but their accounts would be part of their respective groups.

When lumping accounts for RBAC, both Active Directory in Windows and LDAP in Unix can be used to create groups.

More information:

Use our Insider Risk Management Guide to establish enterprise management controls.

Learn how to improve Web access control.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy