One of the biggest challenges in large network systems is the complexity of the security organization. This organization is not only costly, but also error-prone, as network administrators usually specify individual access control lists( ACL) for each network user.
Role-Based Access Control(RBAC), also known as Policy-Based Access Control (PBAC), is a technology that is used in particular in commercial applications because it can significantly reduce the complexity and cost of security administration for large networks and implement corporate security policies.
RBAC is of particular interest because security management is based on the organizational structure of the company. Each employee is assigned one or more roles, and each role in turn is assigned one or more privileges that allow the user to perform certain activities. In this process, the roles that an employee can assume are first defined. For example, such a role may refer to a specific position in the company. Then the access rights relevant to this role are specified. This is followed by the assignment of users to a role. With the assigned access rights, the corresponding employee can only access the information that he needs for his work. Access to other information that is not relevant to him is prevented. By assigning roles, subordinate employees cannot access sensitive data of superior employees.
Security administration with RABC consists of the operational capabilities that a person in a particular position can perform and the assignment of specific roles to employees. The complexity created by mutual exclusive role play or role hierarchy is handled by the RBAC software. The RBAC process has the advantage that a large group with many identities only needs a single security policy for access to specific resources. This significantly reduces the amount of Identity and Access Management( IAM) policies that need to be managed.