Role Based Access Control Models - ia Tech (PPT slides)
Role Based Access Control Models
Presented By Ankit Shah, 2nd Year Master’s Student

Problems
- Mandatory Access Control (MAC)
  - Central authority determines access control
- Discretionary Access Control (DAC)
  - Decentralized
  - Access control decisions lie with the owner of an object
- Access control on a per user basis
- Access control needs are unique
- Existing products lack flexibility

Solution
- Role Based Access Control
- Permission associated with roles and users assigned to appropriate roles
- Organization style
- Competency
- Authority and responsibility
- Duty assignments
- Security administration and review
- Simple role-permission relationship
- Ability to meet the changing needs of the organization

Role related concepts
- What is the difference between roles and groups?
- User – permission distinction
- E.g. Unix operating system
- RBAC is policy neutral but supports
  - Least privilege
  - Separation of duties
  - Data abstraction

Four Reference Models

Base Model (RBAC0)
- User
  - Typically a human being
- Role
  - Job title
- Permission
  - Approval of a mode of access to some object
  - Variety of permissions from coarse grain to fine grain
  - Depends on implementation details of the system
- Session
  - Mapping of one user to many roles
  - Multiple sessions
  - Each session may map a single role or multiple roles, a subset of the user's roles

RBAC Models

Role Hierarchies (RBAC1)
- Reflects the organization’s role structure
- Supports inheritance of permissions
- Hierarchies are a partial order
- Useful to limit scope of inheritance
  - Private roles

Role Hierarchy Examples

Role Hierarchy Examples Continued
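The RBAC0 and RBAC1 concepts outlined above, as an added Python example that is not part of the original slides: a session activates a subset of a user's roles, senior roles inherit the permissions of junior roles, and a private role limits the scope of inheritance. All role, user and permission names are constructed for illustration.

```python
# Added example: RBAC0 (users, roles, permissions, sessions) with an RBAC1
# role hierarchy. All role, user and permission names are constructed.
class RBAC:
    def __init__(self):
        self.role_perms = {}  # PA: role -> permissions assigned directly
        self.juniors = {}     # RH: role -> immediate junior roles
        self.user_roles = {}  # UA: user -> assigned roles

    def add_role(self, role, perms=(), juniors=()):
        # Juniors must already exist, so the hierarchy stays a partial order.
        if role in self.role_perms or set(juniors) - set(self.role_perms):
            raise ValueError(f"duplicate role or unknown junior for {role!r}")
        self.role_perms[role] = set(perms)
        self.juniors[role] = set(juniors)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def closure(self, role):
        # The role itself plus every role junior to it, transitively.
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def open_session(self, user, active):
        # Activate a subset of the roles held directly or through seniority.
        allowed = set()
        for r in self.user_roles.get(user, ()):
            allowed |= self.closure(r)
        if not set(active) <= allowed:
            raise PermissionError(f"{user!r} may not activate {set(active) - allowed}")
        return frozenset(active)

    def session_perms(self, session):
        # Permissions of the active roles, including inherited ones.
        return {p for r in session for j in self.closure(r) for p in self.role_perms[j]}

def demo_policy():
    p = RBAC()
    p.add_role("project_member", {"read_spec"})
    p.add_role("test_engineer", {"run_tests"}, {"project_member"})
    # Private role: no senior role, so the supervisor does not inherit it.
    p.add_role("test_engineer_private", {"edit_draft_report"}, {"test_engineer"})
    p.add_role("project_supervisor", {"approve_release"}, {"test_engineer"})
    p.assign("alice", "test_engineer_private")
    p.assign("bob", "project_supervisor")
    return p
```

Opening a session with only `project_member` active gives alice just `read_spec`, which is how sessions support least privilege even when the user holds more senior roles.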