Role-based Access Control - Use and Availability

Use and Availability

The use of RBAC to manage user privileges (computer permissions) within a single system or application is widely accepted as a best practice. Systems including Microsoft Active Directory, Microsoft SQL Server, SELinux, grsecurity, FreeBSD, Solaris, Oracle DBMS, PostgreSQL 8.1, SAP R/3, ISIS Papyrus, FusionForge and many others effectively implement some form of RBAC. A 2010 report prepared for NIST by the Research Triangle Institute analyzed the economic value of RBAC for enterprises, and estimated benefits per employee from reduced employee downtime, more efficient provisioning, and more efficient access control policy administration.

In an organization with a heterogeneous IT infrastructure and requirements that span dozens or hundreds of systems and applications, using RBAC to manage sufficient roles and assign adequate role memberships becomes extremely complex without hierarchical creation of roles and privilege assignments. Newer systems extend the older NIST RBAC model to address the limitations of RBAC for enterprise-wide deployments. The NIST model was adopted as a standard by INCITS as ANSI/INCITS 359-2004. A discussion of some of the design choices for the NIST model has also been published.
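The effect of a role hierarchy on the number of grants that have to be maintained, as an added example that is not from the original page. Role, permission and user names are constructed, and the code assumes the hierarchical-RBAC convention that a senior role inherits every permission of its junior roles.

```python
# Constructed sample policy; all names are hypothetical.
ROLE_PERMS = {
    "employee": {"wiki:read", "mail:use"},
    "developer": {"repo:read", "repo:write"},
    "release_mgr": {"repo:tag", "deploy:staging"},
    "sre": {"deploy:prod", "logs:read"},
}
# Senior role -> junior roles whose permissions it inherits.
ROLE_PARENTS = {
    "developer": ["employee"],
    "release_mgr": ["developer"],
    "sre": ["developer"],
}
USER_ROLES = {"alice": ["release_mgr"], "bob": ["employee"], "carol": ["sre"]}


def effective_permissions(role, parents=ROLE_PARENTS, perms=ROLE_PERMS, _path=()):
    """Direct permissions of a role plus everything inherited from junior roles."""
    if role in _path:  # a misconfigured hierarchy must fail loudly, not loop
        raise ValueError("cycle in role hierarchy: " + " -> ".join(_path + (role,)))
    if role not in perms:
        raise KeyError(f"unknown role: {role}")
    result = set(perms[role])
    for junior in parents.get(role, []):
        result |= effective_permissions(junior, parents, perms, _path + (role,))
    return result


def is_allowed(user, permission):
    """Default deny: unknown users and unlisted permissions are refused."""
    return any(permission in effective_permissions(r) for r in USER_ROLES.get(user, []))


def flat_grant_count():
    """Role-permission grants needed to express the same policy with no hierarchy."""
    return sum(len(effective_permissions(r)) for r in ROLE_PERMS)


def hierarchical_grant_count():
    """Direct grants plus inheritance edges actually stored in the hierarchy."""
    direct = sum(len(p) for p in ROLE_PERMS.values())
    edges = sum(len(j) for j in ROLE_PARENTS.values())
    return direct + edges


if __name__ == "__main__":
    print("alice may deploy to staging:", is_allowed("alice", "deploy:staging"))
    print("alice may deploy to prod:", is_allowed("alice", "deploy:prod"))
    print("grants, flat vs hierarchical:", flat_grant_count(), hierarchical_grant_count())
```

Changing what every employee may do is one edit to the `employee` role in the hierarchical form, while the flat form needs the same edit repeated in every role that copied those grants.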
