Written assignment unit 4

University of the people

Databases 2

CS 3306

Instructor Irfan Rashid

Feb 24, 2025

In the field of information security, controlling access to sensitive data is of paramount

importance. Access control models serve as frameworks that define how users interact with

data and resources within a system. Two prominent models are role-based access control

(RBAC) and label-based access control (LBAC).

Role-Based Access Control (RBAC)

Role-based access control is a widely used access control model that assigns permissions to

users based on their roles within an organization. In this framework, roles are defined

according to business functions, and permissions are tied to these roles rather than individual

users possibility "can define how a user interacts with data—permitting read-only or

read/write access to certain roles" (McCarthy, 2024, Para 2). This abstraction simplifies the

management of user permissions, especially in large organizations.

The basic components of role-based access control include:

1. Roles: Labels that represent specific job functions or responsibilities within an

organization.

2. Users: Individuals who are assigned to one or more roles based on their job

responsorganizatio.

3. Permissions: Access rights associated with roles, which define the actions that can be

performed on resources.
4. Sessions: Instances in which users activate a subset of their assigned roles, allowing for

dynamic access control.

Implementing role-based access control offers several benefits:

1. Simplified administration: Assigning permissions to roles rather than individuals reduces

administrative overhead.

2. Enhanced security: By enforcing the principle of minimum privilege, users can access only

the information necessary for their roles.

3. Scalability: RBAC is well suited for organizations with large user bases and complex

hierarchical structures.

However, RBAC also has limitations. It may lack the granularity required for some scenarios,

where permissions are tied to roles without taking contextual factors into account.

Additionally, managing a large number of roles in dynamic environments can become

complex.

Label-Based Access Control (LBAC)

Label-Based Access Control, also known as Mandatory Access Control (MAC), is an access

control model that assigns security tags to both users and data. Access decisions are made

based on a comparison of these tags "Access levels are developed in tandem with certain
departments or roles" (Maxsenti, 2021, Para 20). Ensuring that users can only access data for

which they have appropriate authorization.

The key components of tag-based access control include:

1. Security tags: attributes assigned to data and users that indicate sensitivity levels or

classifications.

2. Policy rules: predefined rules that govern how security tags are compared to grant or deny

access.

The tag-based access control model works by enforcing strict policies that prevent

unauthorized access to data, making it particularly valuable in environments where data

sensitivity is of paramount importance, such as government or military organizations.

The benefits of tag-based access control include:

1. High security: Strict enforcement of access policies reduces the risk of data breaches.

2. Data sensitivity management: Effectively handling data with varying levels of sensitivity

through fine-grained access controls.

However, LBAC poses challenges, including:

1. Complex administration: Managing and assigning security labels can be complex and time-

consuming.

2. Low Flexibility: The rigid nature of LBAC may not accommodate dynamic access needs

or rapidly changing organizational roles.

When comparing RBAC and LBAC, several differences emerge:

1. Flexibility vs. Rigidity: RBAC provides flexibility by allowing role assignments to adapt

to organizational changes. In contrast, the rigid structure of LBAC enforces strict access

based on security labels, which may be less adaptable to change.

2. Control granularity: LBAC provides fine-grained access control by evaluating security

labels at the data level "it is stricter in terms of hierarchy; Users must match certain criteria

before being granted access to specific data" (Stone, 2020, Para 4). Making it suitable for

environments where data sensitivity varies greatly. RBAC, while effective, may not provide

the same level of detail without incorporating additional policies.

3. Administrative Overhead: RBAC simplifies management through role assignments,

reducing the complexity of managing individual permissions. However, LBAC requires

careful management of security labels and policies, which can increase administrative effort.

4. Use Cases: RBAC is commonly used in commercial sectors where roles and

responsibilities are well-defined, facilitating efficient access management. LBAC is prevalent

in government and military organizations where data classification and strict access controls

are critical.

Both RBAC and LBAC play essential roles in access control, each designed to suit the needs

of the organization and its specific security requirements. RBAC’s role-focused approach

provides flexibility and ease of management, making it ideal for dynamic environments with

well-defined roles. Conversely, LBAC’s strict tag-based approach ensures strong security for

sensitive data, albeit with increased administrative complexity.

The number of words: 743

 Reference

McCarthy, M. (2024, January 3.( Difference between RBAC vs. ABAC vs. ACL vs. PBAC vs.

DAC. Strongdm. https://www.strongdm.com/blog/rbac-vs-abac.

Maxsenti, M. (2021, September 16.( What’s the Difference Between Rule-based Access

Control and Role-based Access Control? (+ 2 Other Access Control Types). Getgenea.

https://www.getgenea.com/blog/types-of-access-control/.

Stone, G. (2020, Jun 2.( Role-based access control (RBAC). Medium.

https://medium.com/%40gelferstone/role-based-access-control-rbac-b43b1cc03b73.