Access Control Fundamentals
In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.
12. Access Control Models
12.3. Non-Discretionary or Role-Based Access Control
- A RBAC is based on user roles and uses a centrally administered set of controls to determine how subjects and objects interact.
- The RBAC approach simplifies the access control administration
- It is a best system for a company that has high employee turnover.
- Note: The RBAC can be generally used in combination with MAC and DAC systems