1. What is Role Based Access Control (RBAC) and why do we care?
RBAC is when users are given access only to the systems and actions appropriate to their role, and no more.
2. Describe a Role/Permission hierarchy that you might implement using RBAC.
In a larger company, I’d have admins (who have access to everything), editors (who can edit existing content), authors (who can write new content), and general users (who can only read).
3. What approach might you take to implement RBAC?
I might analyze how roles and access are currently being handled, then define a set of roles, then assign them to users. Then I’d monitor how the new system is working and keep tweaking the roles for as long as the system is in use.
1. If Authentication is “you are who you say you are,” what is Authorization?
Authorization is “are you allowed to access this thing?”
2. Name three primary rules defined for RBAC.
Role assignment: a subject can exercise a permission only if it has selected or been assigned a role.
Role authorization: a subject’s active role must be one the subject is actually authorized to hold.
Permission authorization: a subject can exercise a permission only if that permission is authorized for its active role.
3. Describe RBAC to a non-technical friend.
RBAC is a way to assign ‘roles’ to people to say what they can and can’t access, read, write, edit, or delete.
1. What Are access rights Associated with? The User? or The Role? Explain.
Access rights are associated with the Role. Roles are granted specific permissions, and then Users are assigned roles, so a user’s rights are whatever their roles carry; nothing is granted to a user directly.
2. Access Rights, or Authorization, is activated after a user successfully does what?
Authorization is activated after a user successfully authenticates (proves they are who they say they are).
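The points above (the admin/editor/author/user hierarchy, the three RBAC rules, rights attached to roles rather than users, and authorization only starting after authentication) fit together in a small model. The following is an added example, not code from the original page; all role names, permissions, users and credentials in it are hypothetical, constructed sample data.

```python
"""Minimal RBAC core (added example, not from the original page).

Rights attach to roles, users are assigned roles, a session only exists after
a successful login, and the access check enforces the three RBAC rules:
role assignment, role authorization and permission authorization.
All roles, permissions, users and passwords are hypothetical sample data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Each role's own permissions as (object, action). Nothing is granted to a
# user directly; the only way to obtain a permission is to hold a role.
ROLE_PERMISSIONS = {
    "user":   {("article", "read")},
    "author": {("article", "create")},
    "editor": {("article", "update")},
    "admin":  {("article", "delete"), ("user", "manage")},
}
# Hierarchy: each role inherits everything from its parent, so admin ends up
# with every permission and user with read only.
ROLE_INHERITS = {"author": "user", "editor": "author", "admin": "editor"}

# Users are given roles, never permissions (constructed sample data).
USER_ROLES = {
    "alice": {"admin"},
    "bob":   {"author"},
    "carol": {"user"},
}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed credential store: user -> (salt, PBKDF2 hash). Fresh salts are
# generated on import; the plaintext passwords are only here for the demo.
_SALTS = {u: os.urandom(16) for u in USER_ROLES}
CREDENTIALS = {
    "alice": (_SALTS["alice"], _hash("alice-pw", _SALTS["alice"])),
    "bob":   (_SALTS["bob"],   _hash("bob-pw",   _SALTS["bob"])),
    "carol": (_SALTS["carol"], _hash("carol-pw", _SALTS["carol"])),
}


@dataclass
class Session:
    user: str
    active_role: Optional[str] = None  # no role activated yet


def authenticate(user: str, password: str) -> Optional[Session]:
    """'You are who you say you are.' Only a successful login yields a
    session, and every authorization check needs a session."""
    cred = CREDENTIALS.get(user)
    if cred is None:
        return None
    salt, expected = cred
    if not hmac.compare_digest(_hash(password, salt), expected):
        return None
    return Session(user)


def effective_permissions(role: str) -> set:
    """Walk up the hierarchy so a role also gets its parents' permissions."""
    perms = set()
    while role is not None:
        perms |= ROLE_PERMISSIONS[role]
        role = ROLE_INHERITS.get(role)
    return perms


def activate_role(session: Session, role: str) -> Session:
    """Role authorization: a user may only activate a role assigned to them."""
    if role not in USER_ROLES.get(session.user, set()):
        raise PermissionError(f"{session.user} does not hold role {role!r}")
    session.active_role = role
    return session


def is_authorized(session: Session, obj: str, action: str) -> bool:
    """Role assignment: with no active role there are no permissions at all.
    Permission authorization: the action must be granted to the active role."""
    if session.active_role is None:
        return False
    return (obj, action) in effective_permissions(session.active_role)


if __name__ == "__main__":
    s = authenticate("bob", "bob-pw")
    activate_role(s, "author")
    print(is_authorized(s, "article", "create"))  # True
    print(is_authorized(s, "article", "delete"))  # False
```

Note that `is_authorized` never looks at the user name, only at the active role: that is what "rights are associated with the role" means in practice. To change what an employee can do, you change their role assignment, not a per-user permission list.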
3. Explain how RBAC might benefit a business.
RBAC might benefit a business by limiting the damage a careless, malicious, or compromised employee account can do: each account holds only the rights its role needs, in the same way that we wouldn’t give every American access to the nuclear launch buttons.