Role-based access control
From Wikipedia, the free encyclopedia
(Redirected from RBAC)
Jump to: navigation, search
In computer systems security, role-based access control (RBAC) [1] [2] is an approach to restricting system access to authorized users. It is a newer alternative approach to mandatory access control (MAC) and discretionary access control (DAC).
RBAC is a policy neutral and flexible access control technology sufficiently powerful to simulate Discretionary Access Control (DAC) [3] and Mandatory Access Control (MAC). [4]
Prior to the development of RBAC, MAC and DAC were considered to be the only known models for access control: if a model was not MAC, it was considered to be a DAC model, and vice versa. Research in the late '90s demonstrated that RBAC falls in neither category.[citation needed]
Within an organization, roles are created for various job functions. The permissions to perform certain operations ('permissions') are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions. Unlike context-based access control (CBAC), RBAC does not look at the message context (such as where the connection was started from).
Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning the appropriate roles to the user, which simplifies common operations such as adding a user, or changing a user's department.
RBAC differs from access control lists (ACLs) used in traditional discretionary access control systems in that it assigns permissions to specific operations with meaning in the organization, rather than to low level data objects. For example, an access control list could be used to grant or deny write access to a particular system file, but it would not say in what ways that file could be changed. In an RBAC-based system an operation might be to create a 'credit account' transaction in a financial application or to populate a 'blood sugar level test' record in a medical application. The assignment of permission to perform a particular operation is meaningful, because the operations are fine grained and themselves have meaning within the application.
http://en.wikipedia.org/wiki/RBAC
Saturday, March 1, 2008
Security: Role-based access control (RBAC) defined
Labels:
access control,
EMR,
medical,
role-based,
security
Subscribe to:
Post Comments (Atom)
Blog Archive
-
►
2012
(35)
- ► April 2012 (13)
- ► March 2012 (16)
- ► February 2012 (3)
- ► January 2012 (3)
-
►
2011
(118)
- ► December 2011 (9)
- ► November 2011 (11)
- ► October 2011 (7)
- ► September 2011 (13)
- ► August 2011 (7)
- ► April 2011 (8)
- ► March 2011 (11)
- ► February 2011 (12)
- ► January 2011 (15)
-
►
2010
(183)
- ► December 2010 (16)
- ► November 2010 (15)
- ► October 2010 (15)
- ► September 2010 (25)
- ► August 2010 (19)
- ► April 2010 (21)
- ► March 2010 (7)
- ► February 2010 (6)
- ► January 2010 (6)
-
►
2009
(120)
- ► December 2009 (5)
- ► November 2009 (12)
- ► October 2009 (2)
- ► September 2009 (3)
- ► August 2009 (16)
- ► April 2009 (4)
- ► March 2009 (20)
- ► February 2009 (9)
- ► January 2009 (19)
-
▼
2008
(139)
- ► December 2008 (15)
- ► November 2008 (16)
- ► October 2008 (17)
- ► September 2008 (2)
- ► August 2008 (2)
- ► April 2008 (12)
-
▼
March 2008
(25)
- Web: Mashup Security
- Research: Conversations: Jon Bentley; On Algorithm...
- Web: HTML5 Jumps Off the Drawing Board
- Research: Now Blooming: Digital Models
- Research: The Future of Computing--Carbon Nanotube...
- Research: An Interview With Bjarne Stroustrup
- Software: DSLs Lead Development Paradigm Shift; do...
- Security: NIST Unveils Tool to Foil Attacks via DNS
- Research: Back to Basics: Algorithms
- Security: Researchers Secure the Browser
- Security: Defending Laptops from Zombie Attacks
- Web: Can We Fix the Web?
- Research: How to Make Smarter Software
- Research: Communities and the Networks That Define...
- Security: Researchers Create Next-Generation Softw...
- Security: When browsers attack
- Web: Voting for More Than Just Either-Or
- Software: Web Mashups Made Easy
- Research: Algorithm Finds the Network - For Genes ...
- Web: Study: Digital Universe and Its Impact Bigger...
- Research: Language of a Fly Proves Surprising; res...
- Security: Privacy-aware Role Based Access Control ...
- Security: Role-based access control (RBAC) fundame...
- Security: Role-based access control (RBAC) defined
- Research: From Palmtops to Brain Cells
- ► February 2008 (16)
- ► January 2008 (6)
-
►
2007
(17)
- ► December 2007 (4)
- ► November 2007 (4)
- ► October 2007 (7)
Blog Labels
- research
- CSE
- security
- software
- web
- AI
- development
- hardware
- algorithm
- hackers
- medical
- machine learning
- robotics
- data-mining
- semantic web
- quantum computing
- Cloud computing
- cryptography
- network
- EMR
- search
- NP-complete
- linguistics
- complexity
- data clustering
- optimization
- parallel
- performance
- social network
- HIPAA
- accessibility
- biometrics
- connectionist
- cyber security
- passwords
- voting
- XML
- biological computing
- neural network
- user interface
- DNS
- access control
- firewall
- graph theory
- grid computing
- identity theft
- project management
- role-based
- HTML5
- NLP
- NoSQL
- Python
- cell phone
- database
- java
- open-source
- spam
- GENI
- Javascript
- SQL-Injection
- Wikipedia
- agile
- analog computing
- archives
- biological
- bots
- cellular automata
- computer tips
- crowdsourcing
- e-book
- equilibrium
- game theory
- genetic algorithm
- green tech
- mobile
- nonlinear
- p
- phone
- prediction
- privacy
- self-book publishing
- simulation
- testing
- virtual server
- visualization
- wireless
No comments:
Post a Comment