Attribute and Role-Based Access Control Models

by Michael Haythorn
Oct. 2, 2017 0 comments Infosecwriters

Access Control is a fundamental responsibility of information security professionals. The basic need to provide users with the access required to complete their job creates the equal need to restrict this access in some way. Since it is not always appropriate for every member of an organization to have access to every object, a division of this access based upon the duties and responsibilities of individuals is created. This is where Role-Based Access Control can be implemented in an organization to create this division between jobs in order to prevent users from gaining inappropriate access, prevent malicious actions from internal users as well as prevent fraudulent occurrences.

http://www.infosecwriters.com/Papers/MHaythorn_RBAC.pdf