Questions tagged [rbac]

Role Based Access Control is a method of access controls where principals get access to resources through membership of permitted roles.

54 questions
74 votes · 1 answer

What is the difference between RBAC and DAC/ACL?

What are the benefits of each, and when should I choose one over the other? Are there situations where these should be merged? Do you have examples of common usages? And what about MAC, where does that fit in?
AviD
40 votes · 2 answers

Role Based Authorization vs. Claim Based Authorization

What is the difference between "role based authorization" and "claim based authorization"? Under which circumstances would it be appropriate to implement each of these authorization models?
user960567
25 votes · 4 answers

Role Based Access Control + Data Ownership based permissions

Is there a common system or pattern that combines the permissions given by a role in an RBAC system with permissions in relation to data ownership? For example: Bob is a doctor and has the role with the privilege 'view patient details' but only…
Jacco
18 votes · 2 answers

MAC vs DAC vs RBAC

Can someone suggest a real situation in which it is better to use MAC (Mandatory Access Control) instead of DAC (Discretionary Access Control) or RBAC (Role Based Access Control)? And in which is DAC better than the others? And in which RBAC is the…
mcfan
13 votes · 1 answer

Separating "function" from "scope" in RBAC

I'm trying to formulate an RBAC permission model which allows separation between permissions and the scopes on which those permissions are applied. I have been unable to find a standard model which describes this. Here's an example: A Permission…
metacubed
13 votes · 2 answers

Best practices for implementation of role-based access control in healthcare applications

Amongst the open source EMRs, which ones may be good to learn from? Any references I can go to as a starting point?
Ming K
11 votes · 4 answers

RBAC model: user in two roles access dilemma

I am implementing the Role-Based Access Control (RBAC) model security system and I have a dilemma: User1 is in Role1 and also in Role2. Role1 allows access to Resource1 and Role2 denies access to the same one. It is a well known problem. Could…
garik
9 votes · 1 answer

What datastructure would/have you used to store ACLs within a hybrid ACL/RBAC system?

In our system, every resource has an access control list (ACL), which lists entries (ACEs) that have a specific kind of access to that resource. The ACE can be for end-entities (eg: users like "Mr Q") or group entities (eg: "North Atlantic"); the…
Cat Nap
8 votes · 1 answer

What is the difference between claims, attributes, and roles?

Many questions have already been asked about Claims-based authentication and the differences with other approaches: Role-based vs Claims-based Explain claims-based authentication Now, my favorite answer is one given on stackoverflow: Using…
Michael
6 votes · 4 answers

encryption vs access control comparison

I have a very basic and simple question about two security concepts. Both encryption and access control are used for privacy and to prevent unauthorized users from accessing some object (eg. files, processes, etc.). What is the difference in…
b24
6 votes · 1 answer

Is it correct to consider Task Based Access Control as a type of RBAC?

I'm studying for CISSP certification and one of the video lectures I viewed (CBT Nuggets) really confused me. Here are some excerpts from the lecture: "Role Based Access Control doesn't always use the role for the basis for how it's going to…
Mike B
6 votes · 3 answers

Security Architecture - Settings to drive UI and Privileges (Rights) - Role-Based, per User-Account

How do large companies implement their security requirements which are centralized and used to drive things people can do (allowed to call a certain web-service, submit an order, etc.) as well as to drive UI (disable buttons, menu options,…
Leon
6 votes · 1 answer

RBAC0 RBAC1 RBAC2 RBAC3 -- What do they mean?

I am familiar with the concept of role-based access control but have heard the terms RBAC0 etc. being thrown around. What do these really mean? I found this quote on a NIST website: In 1996, Sandhu, Coyne, Feinstein, and Youman introduced a…
jtpereyda
6 votes · 3 answers

Role-Based Access Control Disadvantages

According to NIST, RBAC models are the most widely used schemes among enterprises of 500 or more. What happens if the enterprises are much larger in the number of individuals involved? In other words, what are the main disadvantages of RBAC…
user505
5 votes · 3 answers

(custom software) Security rules on each record when using user-groups per application

I'm working with custom software here, so don't worry about Microsoft whatever, Open anything, or something else. Let’s stick to theory of how this should go together. Let’s say I have a user system/database. The database has a table of users, and…
Incognito