Role based security with RBAC

Posted by Edward Killeen on Tue, May 22, 2012

Role based security means an awful lot more than just role based access control (RBAC).  It means using RBAC to its fullest potential to secure all resources in and out of your network.

This means having an identity management platform that is built on the idea of roles.  Provisioning to different systems based on roles.  Granting access to resources based on roles.  Workflow levels based on roles.  Single sign-on based on roles.  Roles have to be core to the identity and access management platform that you choose.

IdM platforms built from acquisitions and hodge-podged together have a hard time having a core platform belief system like this.  The components need to be able to talk to each other seamlessly in the same language (not just programming language either).  For example, if you are provisioning only certain roles into salesforce.com, then your single sign-on has to understand that role and work with it, only allowing those users to even go through the SSO process.  Otherwise, you get moving parts; Frankenproducts love moving parts, business productivity doesn't.

A great example of this is rights-based approval routing (lovingly known as RBAR).  RBAR unifies workflow and RBAC security to enforce real-time evaluation and routing of who can approve what based on the actual rights delegated to the current person at that time for the affected resource.  Approvals route to approvers with the necessary privileges to perform the intended operation. Those rights are determined by your role.

Using RBAC and Attribute Based Access Control (ABAC) together is even better.  Picture you are in the Sales in Toledo role, so you are provisioned into Salesforce as a user.  But you are a manager, as shown in your title attribute in Active Directory.  Using the RBAC/ABAC hybrid allows your IdM platform to approve requests around Salesforce access and/or grant you extended privileges within Salesforce.
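The two ideas above (rights-based approval routing, and the RBAC/ABAC hybrid where a role provisions you and an attribute refines what you may do) can be shown in one small policy engine. The code below is an added example, not code from the original post or from any product it describes; the roles ("Sales in Toledo", "Sales Operations", "Engineering"), the `title` attribute values, the resource names and the users are all constructed sample data, and the design choice that attributes only refine rights on resources a role already reaches is an assumption of this example.

```python
"""Added example (not from the original post): a small RBAC/ABAC hybrid policy
engine with rights-based approval routing (RBAR).  All roles, attributes,
resources and users below are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Rights = Dict[str, Set[str]]  # resource name -> set of rights on that resource


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)        # from the IdM role model
    attributes: Dict[str, str] = field(default_factory=dict)  # e.g. from Active Directory


# Role layer (RBAC): what each role grants on which resource.  Constructed data.
ROLE_RIGHTS: Dict[str, Rights] = {
    "Sales in Toledo": {"salesforce": {"use"}},
    "Sales Operations": {"salesforce": {"use", "approve"}},
    "Engineering": {"git": {"use"}},
}

# Attribute layer (ABAC): extra rights an attribute value adds.  Assumption of this
# example: attributes refine rights on a resource the user already reaches through a
# role; an attribute alone never grants access (so a Manager with no sales role gets
# nothing in Salesforce).
ATTRIBUTE_RIGHTS: Dict[Tuple[str, str], Rights] = {
    ("title", "Manager"): {"salesforce": {"approve", "extended"}},
}


def effective_rights(user: User, resource: str) -> Set[str]:
    """Rights the user holds on `resource` right now, computed from current state."""
    role_rights: Set[str] = set()
    for role in user.roles:
        role_rights |= ROLE_RIGHTS.get(role, {}).get(resource, set())
    if not role_rights:
        return set()  # no role reaches this resource: attributes do not apply
    extra: Set[str] = set()
    for key in user.attributes.items():  # (attribute, value) tuples match the rule keys
        extra |= ATTRIBUTE_RIGHTS.get(key, {}).get(resource, set())
    return role_rights | extra


def should_provision(user: User, resource: str) -> bool:
    """Provisioning decision: create an account only when a role grants 'use'."""
    return "use" in effective_rights(user, resource)


def sso_allowed(user: User, resource: str) -> bool:
    """SSO consults the same role model as provisioning, so the two never disagree."""
    return should_provision(user, resource)


def route_approval(resource: str, right_needed: str, candidates: List[User]) -> List[str]:
    """RBAR: route a request to the people who currently hold the right it needs."""
    return sorted(u.name for u in candidates if right_needed in effective_rights(u, resource))


def sample_directory() -> Dict[str, User]:
    """Constructed users illustrating the cases in the post."""
    return {
        "alice": User("alice", {"Sales in Toledo"}, {"title": "Account Executive"}),
        "bob": User("bob", {"Sales in Toledo"}, {"title": "Manager"}),
        "carol": User("carol", {"Engineering"}, {"title": "Manager"}),
        "dave": User("dave", {"Sales Operations"}, {}),
    }


if __name__ == "__main__":
    users = sample_directory()
    for u in users.values():
        print(u.name, "salesforce:", sorted(effective_rights(u, "salesforce")),
              "provision:", should_provision(u, "salesforce"))
    # An access request for Salesforce needs an approver with the 'approve' right.
    print("approvers:", route_approval("salesforce", "approve", list(users.values())))
    # Real-time evaluation: when Bob's title changes, the routing changes with it.
    users["bob"].attributes["title"] = "Account Executive"
    print("approvers after change:", route_approval("salesforce", "approve", list(users.values())))
```

Running it shows Alice provisioned but unable to approve, Bob (same role, Manager title) holding `approve` and `extended`, Carol's Manager title granting nothing in Salesforce because no role reaches it, and the approver list recomputed from live state rather than from a static approval chain.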

Take a look at our whitepaper on Best Practices in Enterprise Authorization - the RBAC/ABAC Hybrid Approach.  You will get a great idea of how this all should work with a proper platform built with a foundation of RBAC.


Tags: Role Based Access Control (RBAC)