Attribute and Role-Based Access Control Models
Contributed by Michael Haythorn
Access control is a fundamental responsibility of information security professionals. The basic need to provide users with the access required to do their jobs creates an equal need to restrict that access in some way. Since it is not always appropriate for every member of an organization to have access to every object, access is divided according to the duties and responsibilities of individuals. This is where Role-Based Access Control can be implemented in an organization to create this division between jobs, in order to prevent users from gaining inappropriate access, prevent malicious actions by internal users, and prevent fraudulent occurrences.