Wednesday, February 12, 2020

Role-based access control (RBAC)

Role-based access control - Wikipedia

"In computer systems security, role-based access control (RBAC)[1][2] or role-based security[3] is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees,[4] and can implement mandatory access control (MAC) or discretionary access control (DAC).

Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations"

Role Based Access Control | CSRC @ NIST

Role-Based Access Controls (PDF, original paper describing the concept)

No comments: