Role-based access control, or RBAC, is an approach for restricting access to digital resources based on a user’s role in an organization. For instance, under RBAC, a company’s accountant should be able to access corporate financial records but not the content management system used to update the company’s website, while those permissions would be reversed for that company’s web development team.
Just about every organization enforces some kind of access controls on its digital assets—indeed, every operating system in use today has access controls built in. Access controls generally grant specific permissions to (and impose restrictions on) individual users or groups that those users might belong to. What distinguishes the RBAC model from other forms of access control is that the users are grouped together based on the roles they play, and permissions are determined primarily by those roles, rather than being tailored for each individual user. In this article, you’ll learn how RBAC works, and see the advantages and disadvantages of this approach.
To read this article in full, please click here
More Stories
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine...
Fraudsters Exploit Telegram’s Popularity for Toncoin Scam
The scheme was uncovered by Kaspersky and has been operational since November 2023 Read More
Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be...
How to Spot AI Audio Deepfakes at Election Time
We’ve said it several times in our blogs — it’s tough knowing what’s real and what’s fake out there. And...
Dependency Confusion Vulnerability Found in Apache Project
This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers...
CrushFTP File Transfer Vulnerability Lets Attackers Download System Files
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows...