Role-based access controls


This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."

Download it now to read this article plus other related content.

Implementing and managing access control can be a nightmare, especially in extended enterprises encompassing partners, suppliers, contractors and remote users. Regulatory requirements and fear of being the next data breach headline increase the pressure.

The challenge is as complex as it gets. What permissions does each user actually need? How do you keep track of authorized and unauthorized access? How do you enforce access policies across heterogeneous systems and applications? And how do you make sure that provisioning procedures are administered uniformly across the enterprise?

Trying to keep up manually is inefficient, costly and error-prone. Too much access leaves you open to insider abuse, as well as hackers who have their pick of unused or poorly managed accounts that have direct access to company assets. And, your auditors probably won't like what they see.

But, identity management products, designed to unify and automate this complex task, do not roll out easily and cheaply. They must somehow integrate diverse components that comprise an enterprise's often heterogeneous identity and access management (IAM) environment. "Identity management" is a somewhat loaded term that covers a smorgasbord of components, including authoritative sources, identity repositories, virtual or meta-directories, database integration components, access control policy enforcers and more.

Almost everyone acknowledges that a finely developed role-based access control

    Requires Free Membership to View

(RBAC) structure should be one of the first steps in architecting an enterprise access control infrastructure. A solid RBAC structure is the first step to constructing an enterprise access control infrastructure encompassing identification, authentication, authorization and auditing. RBAC simplifies the identification piece, which will feed into the authentication process.

However, real-world implementations are hamstrung by an often poor understanding of what RBAC is, and a lack of standardization that spawns proprietary solutions that are costly and difficult to integrate, maintain and scale.

We'll talk about these issues and examine the standards that are being developed to overcome them.

This was first published in May 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: