Rule-Based Access Control (RB-RBAC)
This section explains the basic of the rule-based access control (RB-RBAC) model. As you read you will understand why this model is called rule-based as this model is based on meeting a set of rules versus being identity-based as in the other models discussed. What is an example of a rule-based access control on a system?
- Rule-based access control uses specific rules that indicate what can and cannot happen between a subject and an object.
- A subject should meet a set of predefined rules before it can access an object.
- It is not necessarily an identity based i.e. it can be applicable to all the users or subjects irrespective of their identities.
- E.g.: Routers and firewall use rules to filter incoming and outgoing packets
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.