Role-based Access Control, or RBAC, is a security control model based on user roles in the system. The roles are usually job functions or titles that authorize the user to perform specified actions. In this model users are not assigned particular clearances and functions individually, but are given one or more roles that carry these clearances and functions.
This is an older model of security, but it is still applicable today and many systems still use RBAC. For example, Facebook is made up of many different roles such as: you the user, people who create groups, and Facebook administrators. Each role has its own permissions and accessibility in the system. The ones with the least power are the users, though they can create groups and have some rights that allow them to use the website as they see fit. Users don't have access to change anything that they didn't put in, meaning that they can't change other people's photos or force people to be their friends. Leaders of groups are users, but they also have additional accessibility over their group to add, delete and modify the group as they wish; still, they can't change the fundamentals of Facebook. Last and most importantly in this example are the administrators, who moderate Facebook and have the power to remove users and delete people's photos and information.
RBAC is an easy and sustainable security control model that allows for easy monitoring of system changes. However, if there is a convoluted number of roles the model starts to deteriorate. For example, if Facebook started giving out different types of accounts (gold accounts, silver accounts, etc.), the web of security becomes multi-layered and it might be hard to detect users who constantly change access control, since thousands of users can change every day. New types of restrictions would have to be placed on the administrators, or even the creators, so that people cannot change their access without prescribed preconditions that the administrators lay out, and suddenly the security control becomes hard to manage.
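To make the Facebook example concrete, here is a small added example (my own code, not from the original post) that models the three roles described above with ownership-scoped permissions, and counts how many distinct role combinations are in use, the figure that grows once tiers like gold and silver accounts are layered on. The role names, permissions and sample accounts are constructed for illustration.

```python
from dataclasses import dataclass, field

# Each permission is (action, resource_type, scope). Scope "own" limits the
# action to resources the subject owns; "any" removes that restriction.
# Role names and permissions are constructed for this example.
ROLE_PERMISSIONS = {
    "user": {("create", "group", "any"),
             ("edit", "photo", "own"), ("delete", "photo", "own")},
    "group_leader": {("edit", "group", "own"), ("delete", "group", "own"),
                     ("add_member", "group", "own")},
    "admin": {("delete", "photo", "any"), ("delete", "user", "any")},
}

@dataclass
class Subject:
    name: str
    roles: set = field(default_factory=set)   # a subject may hold many roles

@dataclass
class Resource:
    kind: str    # "photo", "group" or "user"
    owner: str   # name of the owning subject

def is_allowed(subject, action, resource):
    """Grant if any role held by the subject carries a matching permission;
    permissions come only from roles, never from the subject directly."""
    for role in subject.roles:
        for act, kind, scope in ROLE_PERMISSIONS.get(role, ()):
            if act == action and kind == resource.kind:
                if scope == "any" or resource.owner == subject.name:
                    return True
    return False

def distinct_role_sets(subjects):
    """Number of distinct role combinations in use: the figure that grows
    once tiers such as gold or silver accounts are layered on top."""
    return len({frozenset(s.roles) for s in subjects})

# Constructed sample accounts: a plain user, a user who also leads a group,
# and an administrator.
ALICE = Subject("alice", {"user"})
BOB = Subject("bob", {"user", "group_leader"})
CAROL = Subject("carol", {"admin"})

if __name__ == "__main__":
    print(is_allowed(ALICE, "edit", Resource("photo", "alice")))    # True
    print(is_allowed(ALICE, "edit", Resource("photo", "bob")))      # False
    print(is_allowed(BOB, "add_member", Resource("group", "bob")))  # True
    print(is_allowed(CAROL, "delete", Resource("photo", "alice")))  # True
    print(distinct_role_sets([ALICE, BOB, CAROL]))                  # 3
```

Auditing `distinct_role_sets` over time is one cheap way to notice the role sprawl the post warns about before the permission matrix becomes unmanageable.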
In short, RBAC is great, though it works best when there are a low number of security layers.