CISSP Role-Based Access Control – Bk1D5T4St1

RBAC is an access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization.

RBAC has been used in simple forms since the early days of information security. It was formally defined by David Ferraiolo and Rick Kuhn in 1992 and soon became the dominant model for advanced access control. A well-designed and carefully managed RBAC system can dramatically reduce the cost of security administration while providing sound flexible control.

With RBAC, access rules are modeled after the enterprise’s structure. Several organizational roles are defined (e.g., manager, software developer, salesperson), and each user is assigned one or more roles. Access rights are then assigned to the roles (not to the individual users) after determining which operations must be accomplished by people in each particular job. A role can correspond to a job description, a group membership, or a security access level; in every case the user’s effective rights are derived from the roles they hold, never granted to the user account directly.

In the CFO spreadsheet example, a role of “confidential financial analyst” could be assigned to user jsmith1, who would also be assigned a role of (say) “senior manager,” sharing that role with other executives. Files similar to forecast.xls would certainly be made available for read and write to the analyst role, while senior managers might only have read access. The organization would need some sort of role for system administrators as well, empowering them to perform backups, and perhaps to read from (but not write to) such files as well.

Notice, by the way, that role conflicts are possible. That is, jsmith1 may have permission to read and write in their role as an analyst, but only read rights as a senior manager. How to resolve such conflicts is a matter of policy. A permissive system grants the union of all rights across the user’s roles, permitting any action granted by any of the assigned roles. A restrictive system grants only the intersection, the access common to every role assigned to the user, so an operation that even one of the roles does not grant is denied. The permissive policy is simpler to administer but means that adding a role to a user can only ever widen their access; the restrictive policy keeps access narrow but can block a user from work their primary role explicitly allows, which is why some RBAC designs let a user activate only a subset of their roles for a given session.

In this example, therefore, you (or your avatar) would handle the request

[Date/Timestamp]: User jsmith1 wants to OPEN forecast.xls for WRITE.

by looking up all the roles assigned to jsmith1 and determining, via a policy like the one just described, whether write access is included.
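The lookup just described, carried through as an added example (this is illustrative code written for this page, not a product implementation or code from the original text). It parses the request line in the format shown above, gathers the permissions of every role the user holds, and combines them under either a permissive (union) or restrictive (intersection) policy. The role names, the users other than jsmith1, the BACKUP operation and the timestamp are constructed sample data and assumptions:

```python
import re
from typing import Dict, Set, Tuple

# Constructed sample data modelled on the chapter's CFO-spreadsheet scenario.
# Role names, the extra users and the BACKUP operation are illustrative assumptions.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "confidential_financial_analyst": {"forecast.xls": {"READ", "WRITE"}},
    "senior_manager":                 {"forecast.xls": {"READ"}},
    "system_administrator":           {"forecast.xls": {"READ", "BACKUP"}},
}

# Users are assigned roles, never permissions directly.
USER_ROLES: Dict[str, Set[str]] = {
    "jsmith1": {"confidential_financial_analyst", "senior_manager"},
    "tjones2": {"senior_manager"},
    "backup1": {"system_administrator"},
}

# Matches the request format used in the text, e.g.
# "[2024-03-01T10:15:00Z]: User jsmith1 wants to OPEN forecast.xls for WRITE."
REQUEST_RE = re.compile(
    r"^\[(?P<ts>[^\]]*)\]:\s+User\s+(?P<user>\S+)\s+wants to\s+(?P<action>\w+)\s+"
    r"(?P<resource>\S+)\s+for\s+(?P<op>\w+)\.?$"
)


def parse_request(line: str) -> Tuple[str, str, str]:
    """Extract (user, resource, operation) from one request line; reject malformed input."""
    m = REQUEST_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed request: {line!r}")
    return m["user"], m["resource"], m["op"].upper()


def effective_permissions(user: str, resource: str, policy: str) -> Set[str]:
    """Combine the rights of every role held by `user` on `resource`.

    permissive : union of all roles' rights (any role that grants the op suffices).
    restrictive: intersection (every assigned role must grant the op).
    An unknown user, or a user with no roles, gets no rights under either policy.
    """
    roles = USER_ROLES.get(user, set())
    per_role = [ROLE_PERMISSIONS.get(r, {}).get(resource, set()) for r in roles]
    if not per_role:
        return set()  # default deny: no roles means no access
    if policy == "permissive":
        return set().union(*per_role)
    if policy == "restrictive":
        return set.intersection(*per_role)
    raise ValueError(f"unknown policy: {policy}")


def authorize(user: str, resource: str, op: str, policy: str = "restrictive") -> bool:
    """Default-deny decision: True only if `op` is among the user's effective rights."""
    return op in effective_permissions(user, resource, policy)


def decide(line: str, policy: str) -> bool:
    """Handle one request line end to end: parse it, then evaluate it under `policy`."""
    user, resource, op = parse_request(line)
    return authorize(user, resource, op, policy)


if __name__ == "__main__":
    req = "[2024-03-01T10:15:00Z]: User jsmith1 wants to OPEN forecast.xls for WRITE."
    for pol in ("permissive", "restrictive"):
        print(f"{pol:11s} -> {'GRANT' if decide(req, pol) else 'DENY'}")
```

Run as written, the same request is granted under the permissive policy (the analyst role grants WRITE) and denied under the restrictive one (the senior manager role does not). Note that the decision never consults the user name for rights, only for role membership; that separation is what makes provisioning a new hire a matter of assigning roles rather than editing per-user permission lists.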

Compared to other access control paradigms, RBAC can reduce employee downtime and simplify account provisioning: a new hire or a transferred employee is granted the roles for their job rather than a hand-built list of individual permissions, and removing a role revokes every right it carried in one step.