Role-Based Access Control (RBAC)
Role-based access control (RBAC) is an access control model in which resources are protected by ACLs that administrators manage and that grant permissions to users according to their job functions (roles).
- Each set of permissions is a role
- Each principal is allocated to one or more roles
  - a principal is a user or service account
- The right to modify the permissions assigned to each role is reserved to the system owner
  - the system is nondiscretionary
    - a principal cannot modify the ACL of a resource
      - though they can change the resource in other ways
- Principals gain rights implicitly, rather than explicitly
  - through being assigned to a role, versus being assigned the right directly
- Filesystem ACLs are where these permissions are stored and enforced
  - on local or networked storage
Security Groups
- A security group account partially turns a discretionary system into a role-based one
  - rather than assigning rights directly to user accounts, the system owner assigns user accounts to security group accounts
  - principals gain rights by being made a member of a security group
    - a principal can be a member of multiple groups
      - and so can receive rights and permissions from several sources

- RBAC can be partially implemented by mapping security groups onto roles
  - but the two are not identical schemes
    - membership in security groups is discretionary
      - assigned by admins rather than determined by the system
  - ideally, a principal should only inherit the permissions of a role to complete a particular task
    - not retain them permanently
  - admins should be prevented from escalating their own privileges, e.g.,
    - assigning roles to their own accounts arbitrarily
    - boosting a role's permissions
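An added illustration in Python (not from these notes) of the nondiscretionary points above: rights flow only through roles, only the system owner may change a role's permission set, and an admin who is allowed to assign roles still cannot assign one to their own account. The owner name, the principals (alice, bob) and the role and permission strings are constructed for the example.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised when an actor attempts something the model reserves to someone else."""

@dataclass
class Rbac:
    """Non-discretionary RBAC: rights flow only through roles, and the permission
    set of each role can be edited only by the system owner."""
    owner: str
    roles: dict = field(default_factory=dict)        # role name -> set of permissions
    assignments: dict = field(default_factory=dict)  # principal -> set of role names

    def permissions_of(self, principal):
        """Effective rights are the union of the principal's roles (implicit grant);
        there is no way to attach a permission directly to a principal."""
        held = self.assignments.get(principal, set())
        return set().union(*(self.roles.get(r, set()) for r in held))

    def is_allowed(self, principal, permission):
        return permission in self.permissions_of(principal)

    def define_role(self, actor, role, permissions):
        """Only the system owner may create a role or change its permission set,
        so an admin cannot boost a role that they themselves hold."""
        if actor != self.owner:
            raise AccessDenied(f"{actor} may not modify role {role!r}")
        self.roles[role] = set(permissions)

    def assign(self, actor, principal, role):
        """An actor holding 'role:assign' (or the owner) may place a principal in a
        role, but never their own account: that would be self-escalation."""
        if actor != self.owner and not self.is_allowed(actor, "role:assign"):
            raise AccessDenied(f"{actor} may not assign roles")
        if actor == principal:
            raise AccessDenied(f"{actor} may not assign roles to their own account")
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(principal, set()).add(role)

def build_demo():
    """Constructed sample: a system owner, an admin (alice) and a clerk (bob)."""
    rbac = Rbac(owner="sysowner")
    rbac.define_role("sysowner", "admin", {"role:assign"})
    rbac.define_role("sysowner", "payroll-clerk", {"payroll:read", "payroll:submit"})
    rbac.assign("sysowner", "alice", "admin")
    rbac.assign("alice", "bob", "payroll-clerk")  # an admin, not the owner, places bob
    return rbac
```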