Reading Notes Class 8

  • What is Role Based Access Control (RBAC) and why do we care? Role-based access control (RBAC) is a security methodology based on managing user access to protect resources, including data, applications, and systems, from improper access, modification, addition, or deletion. RBAC grants access based on a user's needs according to their position.

  • Describe a Role/Permission hierarchy that you might implement using RBAC. Hierarchical RBAC, as the name suggests, implements a hierarchy within the role structure. This hierarchy establishes the relationships between roles. Users with senior roles also acquire the permissions of all junior roles that are assigned to their subordinates.

  • What approach might you take to implement RBAC?

      1. Inventory your systems
      2. Analyze your workforce and create roles
      3. Assign people to roles
      4. Never make one-off changes
      5. Audit
  • If Authentication is “you are who you say you are,” what is Authorization? Authentication verifies who the user is. Authorization determines what resources a user can access. Authentication works via passwords, biometric information, one-time PINs, and other information provided or entered by the user.

  • Name three primary rules defined for RBAC. Core RBAC:

      1. Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.
      2. Role authorization: A subject's active role must be authorized.
      3. Permission authorization: A subject can only exercise a permission which is authorized for the subject's active role.

  • Describe RBAC to a non-technical friend. You must have the right permission to gain access. Think of it as employees at a restaurant: some are only allowed out front to seat customers, others can serve, others cook, and lastly some can go into the office and the back room. RBAC is in char

  • What are access rights associated with? The user? Or the role? Explain. Access rights are the permissions an individual user or a computer application holds to read, write, modify, delete or otherwise access a computer file; change configurations or settings, or add or remove applications.

  • Access Rights, or Authorization, is activated after a user successfully does what? Authentication

  • Explain how RBAC might benefit a business. It can help them manage who and how many people have access to information so that they can keep not only the company information safe but also customer information.
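
The role hierarchy and the three core RBAC rules from the notes above, as an added example that is not part of the original notes. The role names, permissions and users are constructed for illustration, following the restaurant analogy.

```python
# Added example: hierarchical RBAC enforcing the three core rules.
# Roles, permissions and users below are constructed sample data.

# Each role lists its own permissions and the junior roles it inherits from.
ROLES = {
    "host":    {"perms": {"seat_customers"}, "juniors": []},
    "server":  {"perms": {"take_orders"}, "juniors": ["host"]},
    "cook":    {"perms": {"use_kitchen"}, "juniors": []},
    "manager": {"perms": {"enter_office"}, "juniors": ["server", "cook"]},
}
# Which roles each user is authorized to activate (used by rule 2).
USER_ROLES = {"alice": {"manager"}, "bob": {"server"}, "carol": set()}


def effective_permissions(role, _seen=None):
    """Permissions of a role plus everything inherited from its junior roles."""
    seen = _seen if _seen is not None else set()
    if role in seen or role not in ROLES:  # guard against cycles and unknown roles
        return set()
    seen.add(role)
    perms = set(ROLES[role]["perms"])
    for junior in ROLES[role]["juniors"]:
        perms |= effective_permissions(junior, seen)
    return perms


def check_access(user, active_role, permission):
    """Return (allowed, reason). Anything not explicitly authorized is denied."""
    # Rule 1, role assignment: without an active role there are no permissions.
    if not active_role:
        return False, "no role selected or assigned"
    # Rule 2, role authorization: the active role must be authorized for the user.
    if active_role not in USER_ROLES.get(user, set()):
        return False, "role not authorized for user"
    # Rule 3, permission authorization: the permission must belong to the active role.
    if permission not in effective_permissions(active_role):
        return False, "permission not authorized for role"
    return True, "ok"


if __name__ == "__main__":
    for args in [("alice", "manager", "seat_customers"),  # inherited via server -> host
                 ("bob", "server", "use_kitchen"),        # fails rule 3
                 ("bob", "manager", "enter_office"),      # fails rule 2
                 ("carol", None, "seat_customers")]:      # fails rule 1
        print(args, "->", check_access(*args))
```

Permissions attach to roles and users only reach them through an authorized role, so removing a user from `USER_ROLES` revokes everything at once without touching any permission list.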

Additional Information