
Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to superuser. By applying security attributes to processes and to users, RBAC can divide up superuser capabilities among several administrators. User rights management is implemented [...]

For a discussion of process rights management, see Privileges (Overview).
For information on RBAC tasks, see Chapter 9, Using Role-Based Access Control (Tasks).
For reference information, see Chapter 10, Role-Based Access Control (Reference).

In conventional UNIX systems, the root user, also referred to as superuser, is all-powerful. The root user has the ability to read and write to any file, run all programs, and send [...] Effectively, anyone who can become superuser can modify a site's firewall, alter the audit trail, read confidential records, and shut down the entire network. [...] is hijacked can do anything on the system.

Role-based access control (RBAC) provides a more secure alternative [...] RBAC uses the security principle of least privilege. Least privilege means that a user has precisely the amount of privilege that is necessary to perform a job. Users have enough privilege to use their applications, check the status of their jobs, print files, create new files, and so on. User capabilities are grouped into rights profiles. To do jobs that require some of the capabilities of superuser, assume a role that includes the appropriate rights profile.

RBAC collects superuser capabilities into rights profiles. These rights profiles are assigned to special user accounts that are called roles. A user can then assume a role to do a job that requires [...] You create the roles and assign the profiles.

Rights profiles can provide broad capabilities.
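The user, role and rights profile chain described on this page can be checked mechanically. The following is an added example, not code from the original documentation: it parses entries laid out like the Solaris `user_attr` database and reports accounts that sidestep the chain. The account names, the profile assignments and the audit policy itself (treating a role's profile held directly by a user as a finding) are assumptions made for illustration.

```python
# Added example; sample entries are constructed, laid out like Solaris user_attr:
#   name:qualifier:res1:res2:key=value;key=value
SAMPLE_USER_ATTR = """\
sysadmin::::type=role;profiles=System Administrator
operator::::type=role;profiles=Media Backup,Printer Management
alice::::type=normal;roles=operator
bob::::type=normal;roles=sysadmin,operator
carol::::type=normal;profiles=System Administrator
dave::::type=normal
erin::::type=normal;roles=netadmin
"""

def parse_user_attr(text):
    """Return {account: {"type": str, "roles": [...], "profiles": [...]}}."""
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            raise ValueError(f"malformed user_attr line: {raw!r}")
        attrs = dict(kv.split("=", 1) for kv in fields[4].split(";") if "=" in kv)
        pick = lambda key: [v for v in attrs.get(key, "").split(",") if v]
        db[fields[0]] = {"type": attrs.get("type", "normal"),
                         "roles": pick("roles"), "profiles": pick("profiles")}
    return db

def profiles_via_roles(db, user):
    """Rights profiles the user gains only after assuming each assigned role."""
    return {r: db[r]["profiles"] for r in db[user]["roles"]
            if r in db and db[r]["type"] == "role"}

def audit(db):
    """Flag assignments that sidestep the user -> role -> rights profile chain."""
    role_profiles = {p for a in db.values() if a["type"] == "role" for p in a["profiles"]}
    findings = []
    for name, acct in sorted(db.items()):
        if acct["type"] == "role":
            continue
        for p in acct["profiles"]:   # role capability held without assuming a role
            if p in role_profiles:
                findings.append((name, f"holds role profile {p!r} directly"))
        for r in acct["roles"]:      # assignment that resolves to no defined role
            if r not in db or db[r]["type"] != "role":
                findings.append((name, f"references undefined role {r!r}"))
    return findings

if __name__ == "__main__":
    print(audit(parse_user_attr(SAMPLE_USER_ATTR)))
```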
