Role-based access control
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. RBAC is used by the majority of enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).
Overview
RBAC is a policy-neutral access control mechanism defined around roles and privileges. Its components, such as role-permission, user-role and role-role relationships, make it simple to perform user assignments. In large-scale systems, RBAC can be used to reduce the complexity and cost of security administration.
Components
RBAC includes several key components:
- Roles: A role is a job function or title which defines an authority level.
- Permissions: Permissions are the approval to perform certain operations.
- Users: Users are individuals who have access to the system.
- Sessions: A session is a mapping between a user and an activated subset of roles that the user is assigned to.
Role Hierarchies
Role hierarchies are a natural way of organizing roles to reflect the lines of authority and responsibility in an organization. Higher-level roles inherit the permissions of lower-level roles.
Constraints
Constraints are a powerful mechanism for laying out higher-level organizational policy. They can be used to enforce separation of duties, which ensures that no single individual has control over all phases of a transaction.
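The components, role hierarchy and separation-of-duties constraint described above, combined in a short Python model. This is an added example, not part of the original article; the class, its methods and the role and permission names are hypothetical.

```python
class RBAC:
    def __init__(self, sod=()):
        self.role_perms = {}   # role -> permissions granted directly
        self.juniors = {}      # role -> junior roles it inherits from
        self.user_roles = {}   # user -> assigned roles
        self.sod = [frozenset(pair) for pair in sod]  # mutually exclusive roles

    def add_role(self, role, perms=(), juniors=()):
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(juniors)

    def closure(self, role):
        """The role plus every role it inherits from, transitively."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def assign(self, user, role):
        held = self.user_roles.get(user, set()) | {role}
        # Test the constraint on effective roles so inheritance cannot bypass it.
        effective = set().union(*(self.closure(r) for r in held))
        for pair in self.sod:
            if pair <= effective:
                raise ValueError(f"separation of duties violated: {sorted(pair)}")
        self.user_roles[user] = held

    def open_session(self, user, activate):
        """A session activates a subset of the user's assigned roles."""
        if not set(activate) <= self.user_roles.get(user, set()):
            raise PermissionError("cannot activate an unassigned role")
        return set(activate)

    def check(self, session, perm):
        """Default deny: true only if an active or inherited role grants perm."""
        return any(perm in self.role_perms.get(j, ())
                   for r in session for j in self.closure(r))


def demo_policy():  # constructed sample policy; all names are hypothetical
    p = RBAC(sod=[("clerk", "approver")])
    p.add_role("clerk", {"invoice:create"})
    p.add_role("approver", {"invoice:approve"})
    p.add_role("supervisor", {"report:read"}, juniors={"clerk"})
    p.assign("alice", "supervisor")
    return p
```

Because the constraint is evaluated on the inherited role set, assigning "approver" to a user who already holds "supervisor" is rejected even though "clerk" was never assigned to that user directly.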
Benefits
RBAC offers several benefits:
- Reduced administrative work: By assigning roles to users, rather than individual permissions, the administrative overhead is significantly reduced.
- Improved security: By enforcing the principle of least privilege, users are given access only to what they need to perform their jobs.
- Scalability: RBAC is highly scalable and can be used in large organizations with thousands of users.
Applications
RBAC is widely used in various applications including:
- Database management systems
- Enterprise resource planning (ERP) systems
- Content management systems (CMS)
- Operating systems
Related Concepts
- Access control list (ACL)
- Mandatory access control (MAC)
- Discretionary access control (DAC)
- Attribute-based access control (ABAC)
Credits: Most images are courtesy of Wikimedia Commons, and templates Wikipedia, licensed under CC BY SA or similar.
Contributors: Prab R. Tumpati, MD