Role-based Access Control (RBAC)

In Role-Based Access Control, roles are an intermediate layer between users and the permissions to
execute certain operations.

Operations can be well-formed transactions with built-in integrity checks that actually mediate the
access to protected objects or resources. Then, users are assigned roles and are made authorised to
execute the operations linked to their active role.

RBAC is based on the underlying concept of 'Separation of Duties'.

Separation of Duties (SoD) refers to policies that stop single users from becoming too powerful.
Examples of SoD are:

• rules stating that more than one user must be involved to complete some transaction,

• rules stating that a user permitted to perform one set of transactions is not permitted to perform
some other set of transactions,

• the separation between front office and back office in financial trading firms, or

• rules stating that policy administrators may not assign permissions to themselves.

Static SoD rules are checked during user-role assignment; dynamic SoD rules must be enforced when a role
is activated.

The NIST RBAC model distinguishes between:

• Flat RBAC: users are assigned to roles and roles to permissions to operations; users get permissions to
execute procedures via role membership; user-role reviews are supported.

• Hierarchical RBAC: adds support for role hierarchies.

• Constrained RBAC: adds separation of duties.

• Symmetric RBAC: adds support for permission-role reviews, which may be difficult to achieve in large
distributed systems.
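As an added illustration (not part of the original document), a minimal Python model of the levels above: a role hierarchy, static SoD enforced in `assign`, dynamic SoD enforced in `activate`, access checks that only consult *active* roles, and a permission-role review; the trading-firm roles, operations and users in `build_demo` are constructed for the example.

```python
class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> {(operation, object)}
        self.inherits = {}     # senior role -> {junior roles}  (hierarchical RBAC)
        self.user_roles = {}   # user -> assigned roles
        self.active = {}       # user -> roles activated in the current session
        self.static_sod = []   # role pairs no user may be *assigned* together
        self.dynamic_sod = []  # role pairs no user may *activate* together

    def grant(self, role, operation, obj, juniors=()):
        self.role_perms.setdefault(role, set()).add((operation, obj))
        self.inherits.setdefault(role, set()).update(juniors)

    def effective_perms(self, role):  # a senior role inherits its juniors' permissions
        perms = set(self.role_perms.get(role, ()))
        for junior in self.inherits.get(role, ()):
            perms |= self.effective_perms(junior)
        return perms

    def assign(self, user, role):  # static SoD: checked at user-role assignment
        held = self.user_roles.setdefault(user, set())
        if any({a, b} <= held | {role} for a, b in self.static_sod):
            raise PermissionError(f"static SoD: {user} may not hold {role} with {sorted(held)}")
        held.add(role)

    def activate(self, user, role):  # dynamic SoD: checked when a role is activated
        if role not in self.user_roles.get(user, ()):
            raise PermissionError(f"{user} is not assigned role {role}")
        active = self.active.setdefault(user, set())
        if any({a, b} <= active | {role} for a, b in self.dynamic_sod):
            raise PermissionError(f"dynamic SoD: {user} may not activate {role} with {sorted(active)}")
        active.add(role)

    def check(self, user, operation, obj):  # only *active* roles mediate access
        return any((operation, obj) in self.effective_perms(r) for r in self.active.get(user, ()))

    def roles_with_perm(self, operation, obj):  # permission-role review (symmetric RBAC)
        return sorted(r for r in self.role_perms if (operation, obj) in self.effective_perms(r))

def build_demo():
    # Constructed policy: front office books, back office settles, nobody holds both,
    # a head trader inherits the trader role, and head_trader/auditor never run together.
    r = RBAC()
    r.grant("trader", "book", "trade")
    r.grant("settler", "settle", "trade")
    r.grant("head_trader", "cancel", "trade", juniors=("trader",))
    r.static_sod.append(("trader", "settler"))
    r.dynamic_sod.append(("head_trader", "auditor"))
    return r
```

With this policy, assigning both "trader" and "settler" to one user fails at assignment time, while "head_trader" and "auditor" may both be assigned but never activated in the same session.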
Many commercial systems support some flavor of role-based access control without necessarily
adhering to the formal specifications of RBAC published in the research literature. RBAC is an elegant
and intuitive concept, but it may also become quite messy in deployment.

Practitioners note that RBAC works as long as every user has only one role, or that “the enormous effort
required for designing the role structure and populating role data” constitutes an inhibitor for RBAC.

___________________________

You can watch 👀 all the videos of Cybersecurity Series here:

Facebook Page : 👉👉👉 Cybersecurity Prism https://www.facebook.com/cybersec.prism/

Please click on the 'Follow' button 💛 on my Facebook page, to receive a Facebook notification when I
publish another live video!

You can connect with me:

Hear My Podcast: https://anchor.fm/meena-r

Linkedin Page : Cybersecurity Prism https://www.linkedin.com/company/10117131/

Facebook Group : Cybersecurity Forever https://www.facebook.com/groups/cybersec.forever/

___________________________

🙊🙉🙈

#cloudsecurity #computers #Cyber #cyberattack #Cybersecurity #cybersecurityawareness


#cybersecuritythreats #cybersecuritytraining #cyberthreats #datasecurity #EthicalHacking #hacked
#Hackers #Hacking #infosec #iot #IT #itsecurity #KaliLinux #linux #malware #networking #pentesting
#privacy #ransomeware #security #technology #computersecurity #computerscience #wifi