Techopedia Explains Role-Based SecurityThere are many ways to develop a role-based security system. All of them start with the definition of various roles and what users assigned to those roles can and can’t do or see. The resulting levels of functionality must be coded into the system using specific parameters.
Object-oriented programming often involves treating a role as an object relative to certain code modules or functions. In a Microsoft programming setting, a developer might use a PrincipalPermission object in .Net to examine an object containing a role designation and to perform security checks. In other cases, information about an object can be passed to a method for a security check.
Any role-based security system depends on the code's ability to correctly and thoroughly control a given user by his or her assigned role and therefore guard against unauthorized use of proprietary identifiers of a specific role. Alternative models include mandatory access control, where certain specifics are coded into an operating system, and discretionary access control, where some elements of security may be more flexible. For example, a more privileged user may be able to "pass" access to another user in a simple discretionary event or process.
Role-Based Access Control
- Security Certifications from CompTIA
- 3 Defenses Against Cyberattack That No Longer Work
- VoIP - Backdoor to Your Network?
- The Truth About Cybersecurity
- Biometrics: New Advances Worth Paying Attention To
- The 7 Basic Principles of IT Security