Role-based access control

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. RBAC is used by the majority of enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).

Overview

RBAC is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. In large-scale systems, RBAC can be used to reduce the complexity and cost of security administration.

Components

RBAC includes several key components:

• Roles: A role is a job function or title which defines an authority level.
• Permissions: Permissions are the approval to perform certain operations.
• Users: Users are individuals who have access to the system.
• Sessions: A session is a mapping between a user and an activated subset of roles that the user is assigned to.

Role Hierarchies

Role hierarchies are a natural way of organizing roles to reflect the lines of authority and responsibility in an organization. Higher-level roles inherit the permissions of lower-level roles.

Constraints

Constraints are a powerful mechanism for laying out higher-level organizational policy. They can be used to enforce separation of duties, which ensures that no single individual has control over all phases of a transaction.

Benefits

RBAC offers several benefits:

• Reduced administrative work: By assigning roles to users, rather than individual permissions, the administrative overhead is significantly reduced.
• Improved security: By enforcing the principle of least privilege, users are only given access to what they need to perform their job.
• Scalability: RBAC is highly scalable and can be used in large organizations with thousands of users.

Applications

RBAC is widely used in various applications including:

• Database management systems
• Enterprise resource planning (ERP) systems
• Content management systems (CMS)
• Operating systems

Related Concepts

• Access control list (ACL)
• Mandatory access control (MAC)
• Discretionary access control (DAC)
• Attribute-based access control (ABAC)

See Also

• Access control
• Security policy
• User management
• Authentication

References

External Links

Wikimedia Commons has media related to

access control| |_}} {{#replace:Role-based access control| |_}}

.

Template:Compu-security-stub