RBAC: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 1: | Line 1: | ||
{{TOCright}} | {{TOCright}} | ||
Role Based Access Control (RBAC) is a model for giving a user access to one or more resources. | Role Based Access Control (RBAC) is a model for giving a user access to one or more resources. | ||
<br>NIST CSRC RBAC is the de facto implementation <ref>[https://csrc.nist.gov/Projects/Role-Based-Access-Control NIST - CSRC] National Institute of Standards and Technology - Computer Security Resource Center - Role Based Access Control]</ref> | <br>NIST CSRC RBAC is the de facto implementation <ref>[https://csrc.nist.gov/Projects/Role-Based-Access-Control NIST - CSRC] National Institute of Standards and Technology - Computer Security Resource Center - Role Based Access Control]</ref>. | ||
== Introduction == | == Introduction == | ||
| Line 25: | Line 25: | ||
# operation: operations are the actions that are performed on the objects | # operation: operations are the actions that are performed on the objects | ||
|} | |} | ||
1) Model and Entity Relation taken from Mind-it <ref>[https://www.mind-it.info/2010/01/09/nist-rbac-data-model Mind-it], NIST RBAC Data Model</ref> | 1) Model and Entity Relation taken from Mind-it <ref>[https://www.mind-it.info/2010/01/09/nist-rbac-data-model Mind-it], NIST RBAC Data Model</ref>. | ||
Revision as of 16:30, 6 August 2018
Role Based Access Control (RBAC) is a model for giving a user access to one or more resources.
NIST CSRC RBAC is the de facto implementation [1].
Introduction
RBAC is an access control mechanism which:
- Describes complex access control policies,
- Reduces errors in administration,
- Reduces cost of administration.
 |
 |
| The NIST RBAC Model uses a limited set of concepts to define an RBAC system as depicted below. The system has (1) users, users have (2) sessions and sessions and users have (3) roles assigned to them. Each role consist of (4) permissions and permissions are based on (5) objects and (6) operations. |
The model contains 6 main entities:
|
1) Model and Entity Relation taken from Mind-it [2].
See also
- NIST CSC RBAC, National Institute of Standards and Technology (NIST), Computer Security Resource Center (CSRC) Role Base Access Control (RBAC) Presentation.
Reference
- ↑ NIST - CSRC National Institute of Standards and Technology - Computer Security Resource Center - Role Based Access Control]
- ↑ Mind-it, NIST RBAC Data Model