Questions tagged [rbac]

Role-Based Access Control (RBAC) is a method of access control in which principals get access to resources through membership in permitted roles.

54 questions
2 votes, 2 answers

If authenticated user tries to access a restricted resource

If a user with authorization to access Resource A tries to access Resource B (by trying to follow a URL), which of the following is a better course? Take them to a standard Access Denied Page, with a generic, "You do not have sufficient authority…
kmansoor
2 votes, 1 answer

Explain the concept of RBAC to limit the right of senior staff

If a senior staff member got authority to make changes in the financial records of an organization, they can take the money out of the organization, which is operated by junior staff. Can RBAC be implemented to stop this?
Jackline
2 votes, 0 answers

How do I find the number of relationships between user and permission in DAC and RBAC

This is a part of a homework. I don't want an answer, just a hint. Assume a system with N job positions. For job position i, the number of individual users in that position is Ui, and the number of permissions required for that position is Pi. For a…
Jackline
2 votes, 0 answers

Unique assignment of permissions to objects seems to also require the role?

So my understanding of RBAC is that Users have Roles, and Roles have Permissions and there should be a Permission Object mapping. I'm having a bit of a business logic problem though concerning RBAC. For this problem we have two Roles, Player and GM.…
xenoterracide
1 vote, 1 answer

Automated tools for applying formal methods to verify security policy in existing software

I am new to the Formal Methods arena, but I feel I have an educated grasp on its applications. However, I only seem to encounter formal methods as applied to the development process, as the software is created. I'd like to be able to apply formal…
1 vote, 1 answer

ACL managed with roles

I have resources in an application. Further I have a table holding all resources and for every resource what role is allowed to access it. I also have defined a Table holding all users that are registered to my system and the roles they are allowed…
user49312
1 vote, 0 answers

Attempting to Implement RBAC from ACL

I am trying to implement RBAC to a system but I end up creating an ACL instead due to my low understanding of this architecture. What I already have implemented: Created User model. Created Groups with different permissions from User…
Elias Prado
1 vote, 1 answer

How to implement MySQL query for RBAC authorization with fine grained business restrictions in role?

When implementing an authorization system like RBAC/DAC, or XACML, or the AWS IAM authorization model, I see that I can't totally decouple business logic from authorization when there are fine-grained business restrictions. We don't use ORM. When…
null_pointer
1 vote, 1 answer

Is it good or bad to use group in sudoers file instead of using aliases?

I have used user groups heavily while designing access control policies. I find user groups very convenient as it's very easy to implement with PAM. Another reason I have organized the users with various groups is to implement (minimal) RBAC. But…
arif
1 vote, 0 answers

Designing distributed authentication/authorisation system

I'm trying to design a system that has the following elements: the main backend REST API (currently one, probably multiple in the future); front-channel client(s) -- JS-based single-page app(s); back-channel client(s) as libraries, CLI apps etc; a…
1 vote, 1 answer

Share Document within user group

I would like to share documents within groups and make sure that the member of each group can only access the documents shared in his/her group. Situation: There are 5 participants (A, B, C, D). There are two groups (blue: A, B, D, red: D, C). A…
User12547645
1 vote, 1 answer

Is It Possible to Implement Rule-Based Access Control on Amazon Web Services?

I've gone through a few security tutorials on AWS and noted that each tutorial focused on role-based access control only. Has anyone used rule-based access control on AWS? If so, could you point me to links or documentation?
1 vote, 0 answers

Access Control - RBAC 0 (Zero) - use case

In this image, in definition of RBAC0, for point 5, if we change the Union to Intersection, what will happen and present a use case scenario for this.
Sweety
1 vote, 0 answers

How to implement RBAC on Ubuntu?

I'm looking for the best approach to implement RBAC for about 100 Ubuntu servers. Currently all users are created locally mostly via Chef and we have no user directory service. All users have access to sudo to root and I'd like to limit the…
1 vote, 1 answer

Authorization based on OASIS ABAC/RBAC/XACML approach

Is anybody aware of any open source .NET authorization solution based on OASIS ABAC/RBAC/XACML approach? I have found some visible amount of Java based solutions but it seems .NET is completely out of it (lack of interest, not in trend?). What does…
AC.