Role-based access controls


This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."


Groups are Just a Start
Most people in the industry incorrectly equate RBAC with only creating individual roles or groups and assigning users to those containers. Assign the necessary entitlements and permissions to the containers, and you have an access control model that is easier to manage, better at enforcing least privilege, and more scalable than user identity-based access control.

True, the use of groups allows organizations to better assign privileges, monitor how data is accessed, and meet statutory and regulatory requirements pertaining to privacy and confidentiality.

However, constructing effective roles and policies is labor intensive and complex. Managing static access rights through access control lists (ACLs) quickly gets overwhelming and does not provide enough flexibility in our dynamic environments.

Groups and ACLs are a step in the right direction, but they are not powerful enough tools to provide the type of detailed, dynamic control that companies require for the extended enterprise in a Web-based world.

The RBAC model is much more complex than just using groups and ACLs, and it allows for granular access decisions based on security context and content.
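The difference between a static group ACL and a role that also evaluates context and content can be shown in a few lines. This is an added example, not code from the article; the user, group and role names, the `network` attribute and the 10,000 approval limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample data: a static group ACL and user memberships.
GROUP_ACL = {"claims-adjusters": {("read", "claim"), ("approve", "claim")}}
USER_GROUPS = {"alice": {"claims-adjusters"}}

def acl_allows(user: str, action: str, resource: str) -> bool:
    """Group/ACL model: membership alone decides, whatever the circumstances."""
    return any((action, resource) in GROUP_ACL.get(g, set())
               for g in USER_GROUPS.get(user, set()))

@dataclass(frozen=True)
class Request:
    user: str
    action: str
    resource: str
    network: str   # context: where the request comes from
    amount: int    # content: value of the claim record being touched

@dataclass(frozen=True)
class Role:
    permissions: frozenset                               # (action, resource) pairs
    constraints: tuple[Callable[[Request], bool], ...] = ()

# Hypothetical role: the same permissions as the group, plus two constraints.
ADJUSTER = Role(
    permissions=frozenset({("read", "claim"), ("approve", "claim")}),
    constraints=(
        lambda r: r.network == "corp",                          # context-based
        lambda r: r.action != "approve" or r.amount <= 10_000,  # content-based
    ),
)
USER_ROLES = {"alice": [ADJUSTER]}

def rbac_allows(req: Request) -> bool:
    """Deny by default; grant only if a role holds the permission and every constraint passes."""
    return any((req.action, req.resource) in role.permissions
               and all(check(req) for check in role.constraints)
               for role in USER_ROLES.get(req.user, []))

def demo() -> dict:
    """Same user and same permission, evaluated under three circumstances."""
    office = Request("alice", "approve", "claim", "corp", 4_000)
    remote = Request("alice", "approve", "claim", "internet", 4_000)
    large = Request("alice", "approve", "claim", "corp", 250_000)
    return {"acl": acl_allows("alice", "approve", "claim"), "office": rbac_allows(office),
            "remote": rbac_allows(remote), "large": rbac_allows(large)}
```

The ACL check returns the same answer for all three requests, while the role-based check denies the off-network request and the over-limit approval.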

A more robust implementation of RBAC will be essential to meet security and business needs as they become more entwined with each other. Managing thousands or millions of accounts securely requires automated applications that can interoperate easily. This would enable organizations to apply their RBAC schemes regardless of which HR, CRM, IAM, and/or database applications they have in place.

This was first published in May 2007
