Access Control (AC)
- security and authorization concept
- access control is about restricting access to a resource
- Authentication
  - The act of proving an assertion, such as the identity of a person or computer user. It might involve validating personal identity documents, verifying the authenticity of a website with a digital certificate, or checking login credentials against stored details.
- Authorization
  - The function of specifying access rights or privileges to resources. For example, human resources staff are normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system.
- Access
  - Once authenticated and authorized, the person or computer can access the resource.
- Manage
  - Managing an access control system includes adding and removing authentication and authorization of users or systems. Some systems will sync with G Suite or Azure Active Directory, streamlining the management process.
- Audit
  - Frequently used as part of access control to enforce the principle of least privilege. Over time, users can end up with access they no longer need, e.g. when they change roles. Regular audits minimize this risk.
- Authentication
- categories
Versus
Role Based Access Control (RBAC) vs Access Control List (ACL)
For most business applications, RBAC is superior to ACL in terms of security and administrative overhead.
ACL is better suited for implementing security at the individual user level and for low-level data, while RBAC better serves a company-wide security system with an overseeing administrator.
An ACL can, for example, grant write access to a specific file, but it cannot determine how a user might change the file.
Role Based Access Control (RBAC) vs Attribute-Based Access Control (ABAC)
While RBAC relies on pre-defined roles, ABAC is more dynamic and uses relation-based access control.
You can use RBAC to determine access controls with broad strokes, while ABAC offers more granularity.
For example, an RBAC system grants access to all managers, but an ABAC policy will only grant access to managers that are in the financial department.
ABAC executes a more complex search, which requires more processing power and time, so you should only resort to ABAC when RBAC is insufficient.
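The manager example above, as an added illustration that is not part of the original notes: the same request is decided once by a role lookup (RBAC) and once by a default-deny attribute rule (ABAC). The users, the role table, the policy format and the `financial_report` resource are all constructed for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str

# RBAC: permissions hang off roles only (constructed role table).
ROLE_PERMISSIONS = {
    "manager": {"read:financial_report"},
    "employee": set(),
}

def rbac_allows(user, permission):
    """Allow if any of the user's roles carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)

# ABAC: a rule names the action, the resource type and the subject
# attributes that must all match (constructed policy format).
ABAC_POLICY = [
    {"action": "read", "resource_type": "financial_report",
     "subject": {"role": "manager", "department": "finance"}},
]

def abac_allows(user, action, resource):
    """Default deny; allow only if every condition of some rule matches."""
    for rule in ABAC_POLICY:
        if rule["action"] != action or rule["resource_type"] != resource["type"]:
            continue
        cond = rule["subject"]
        if cond["role"] in user.roles and cond["department"] == user.department:
            return True
    return False

# Constructed sample users and resource.
USERS = [
    User("alice", frozenset({"manager"}), "finance"),
    User("bob", frozenset({"manager"}), "engineering"),
    User("carol", frozenset({"employee"}), "finance"),
]
REPORT = {"type": "financial_report"}

def decisions():
    """Map each user name to (RBAC decision, ABAC decision) for reading REPORT."""
    return {u.name: (rbac_allows(u, "read:financial_report"),
                     abac_allows(u, "read", REPORT)) for u in USERS}

if __name__ == "__main__":
    for name, (rbac, abac) in decisions().items():
        print(f"{name}: RBAC={rbac} ABAC={abac}")
```

Bob is the case that separates the two models: his manager role passes the RBAC check, while the department condition in the ABAC rule denies him.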
Role Based Access Control (RBAC) vs Discretionary Access Control (DAC)
RBAC differs from DAC in that DAC allows users to control access while in RBAC, access is controlled at the system level, outside of user control.
Role Based Access Control (RBAC) vs Mandatory Access Control (MAC)
RBAC can be distinguished from MAC primarily by the way it handles permissions. MAC controls read and write permissions based on a user/device's clearance level while RBAC controls collections of permissions that may include complex operations such as credit card transactions or may be as simple as read or write.
Children
- Access Control List (ACL)
- Attribute-Based Access Control (ABAC)
- Break-Glass access control (BGAC)
- Brewer and Nash
- Discretionary Access Control (DAC)
- Identity Access Management System (IAM)
- Mandatory Access Control (MAC)
- Multi categories security (MCS)
- Role Based Access Control (RBAC)