Secure Enterprise Access Control (SEAC) Role Based Access Control (RBAC)

摘要

Access to resources such as applications and web services are becoming increasingly difficult to manage via access control lists (ACLs). ACLs usually consist of a client's name or unique identifier. However, resource access is usually based on client characteristics such as command assignments, clearances, and/or pay grade. If a user is reassigned, changes clearance, or is promoted, access to resources should also change. Instead, with ACLs, resource managers constantly have to evaluate personnel records to determine resource access. Such a task can become overwhelming as the number of personnel within an organization grows. Limited access to personnel records by resource managers could compound the problem. This paper discusses a government off-the-shelf- solution (GOTS) for Secured Enterprise Access Control (SEAC) Role-Based Access Control (RBAC) proposed by Richard Fernandez, Space and Naval Warfare Systems Center, San Diego (SSC San Diego) for Commander, U.S. Pacific Fleet (COMPACFLT). In an RBAC solution, a resource manager does not have to constantly query personnel records to determine resource access. The resource manager establishes conditions based on a user's characteristics (command assignments, clearances, and/or pay grade) versus their name or unique identifier. The SEAC RBAC design surpasses the NIST RBAC standard requirements and can be used by any U.S. Government organization. Chapter 1 provides the reader with a general background on RBAC and other access.