Policy Management in Enterprise Application

Policy Management in Enterprise Using Role Based Access Control.

Role Based Access Control (RBAC) is an access control mechanism in which permissions are associated with roles, and users are made members of appropriate roles. This greatly simplifies the management of permissions. Roles are closely related to the concept of user groups in access control. However, a role brings together a set of users on one side and a set of permissions on the other, whereas user groups are typically defined as a set of users only. The basic concepts of RBAC originated with early multi-user computer systems. The resurgence of interest in RBAC has been driven by the need for general-purpose customizable facilities for RBAC and the need to manage the administration of RBAC itself. As a consequence, RBAC facilities range from simple to complex.

In its early days, Role Based Access Control inspired several security frameworks, but it gained popularity only after NIST proposed a standard. Even so, security is still an afterthought in application development. NIST suggests integrating an RBAC security framework during the design phase of software development. This greatly simplifies the management of security after the application is developed, and it takes less effort than security policy enforcement would otherwise require.

Role Based Access Control is an alternative to traditional access control mechanisms such as Mandatory Access Control, Discretionary Access Control and Ownership Based Control. It has various advantages over these traditional mechanisms, as it has provisions for addressing issues such as separation of duties and emergency authorizations. We will build a web-based policy management tool for the creation and management of security policies and, alongside it, build an example Management Information System (e.g., for banking) for enforcing and validating the access control exercised by the policies built by the Policy Manager.
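
The model described above (users assigned to roles, roles carrying permissions, and a separation-of-duties rule) is shown below as an added Python example. It is not code from the original document; the class names and the banking roles, permissions and users are constructed for illustration.

```python
"""Minimal RBAC policy store with a static separation-of-duties check.
All role, permission and user names are constructed for illustration."""

class PolicyError(Exception):
    """Raised when an assignment would violate the policy."""

class RBACPolicy:
    def __init__(self):
        self.role_perms = {}   # role -> set of (operation, object) permissions
        self.user_roles = {}   # user -> set of roles
        self.ssd_sets = []     # sets of mutually exclusive roles

    def add_role(self, role, permissions):
        self.role_perms[role] = set(permissions)

    def add_ssd_constraint(self, roles):
        """Declare roles that no single user may hold together."""
        roles = frozenset(roles)
        for user, held in self.user_roles.items():
            if len(held & roles) > 1:
                raise PolicyError(f"{user} already violates {sorted(roles)}")
        self.ssd_sets.append(roles)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise PolicyError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        for ssd in self.ssd_sets:
            if len(proposed & ssd) > 1:
                raise PolicyError(f"{user}: {sorted(proposed & ssd)} conflict")
        self.user_roles[user] = proposed  # committed only if no constraint fails

    def check_access(self, user, operation, obj):
        """Deny by default: allow only if some assigned role grants it."""
        return any((operation, obj) in self.role_perms[r]
                   for r in self.user_roles.get(user, ()))

def build_bank_policy():
    # Constructed banking policy: whoever creates a transfer cannot approve it.
    p = RBACPolicy()
    p.add_role("teller", [("create", "transfer"), ("read", "account")])
    p.add_role("approver", [("approve", "transfer"), ("read", "account")])
    p.add_role("auditor", [("read", "audit_log")])
    p.add_ssd_constraint({"teller", "approver"})
    p.assign("alice", "teller")
    p.assign("bob", "approver")
    p.assign("bob", "auditor")
    return p
```

Permissions are never attached to users directly, so revoking a role removes every permission it carried, and the conflicting-role check runs at assignment time rather than at each access decision.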
