Role Based Access Control
July 29th, 2010 By alishinwari

Role Based Access Control

The idea of role based access control was first introduced during the 1970’s and this model is most widely implemented on computer systems where the number of users is relatively large, where it became increasingly difficult for a system administrator to define and assign permissions to each and every user of a computer system. RBAC was introduced to streamline the cumbersome process of security management roles are used to group users with similar permissions together, permissions are then assigned to the roles which are inherited by the users who are its members, thus making the lives of system administrators much easier and simplifies the task of permission management.
Generally the roles that are created on a system or a group of systems vary from organization to organization and usually depend on their job functions. When roles are created and permissions have been granted to them these roles can be assigned to users based on their responsibilities and authorizations. Roles are very flexible and it is easy to add or remove users from roles. It’s easy to assign new permissions as well as to revoke permissions from the roles within a system.
In RBAC the decision to allow access to a piece of data depends upon the role of the user and the permissions associated with that role. Hence the policy enforced by an RBAC access control system depends upon how the owner or the security administrator of the computing platform configures the various components of RBAC including the roles their permissions and the assignment of roles to the users, as well as the hierarchy of the roles and the relationships among them.

Leave a Reply


(Required)

(Required)