Changes between Version 6 and Version 7 of Internal/Rbac


Timestamp:
Sep 20, 2006, 5:06:55 PM (18 years ago)
Author:
hedinger
Comment:

  • Internal/Rbac

    v6 v7  
    55Role-Based Access Control (RBAC) will be used by ORBIT to ''control'' each user's ''access'' to ORBIT resources based on his or her ''role''.  To explain this use of roles, first some terminology.  When a user runs an application program that process acts on behalf of the user and is referred to as a ''subject''.  An ''object'' is any resource accessible on a computer system, including peripherals, files, databases, and fields in a database.  An ''operation'' is an active part of a process invoked by the subject process much like a function call or a method invocation.  In general, a ''permission'' or privilege is the authorization to perform some action on the system.  In RBAC, a permission is the authorization to perform a given operation on a given object.  The use of roles to control access is based on the observation that there may be thousands of users in a given organization, but there are fewer than a hundred different roles they act in at any given time to access resources.  Users are assigned to one or more roles.  Each role has a defined set of permissions, each permission either allowing or disallowing an operation invoked by a subject process run by a user acting in that role to access a given object.
    66
    7 RBAC promises simpler administration of access control than access control lists.  It enables an organization to enforce separation of duty, the principle of least privilege and timely revocation of trust.  Because it is based on formal model, a given an assignment of users to roles may be checked for consistency with security design goals.
     7RBAC promises simpler administration of access control than access control lists.  It enables an organization to enforce separation of duty, the principle of least privilege and timely revocation of trust.  Because it is based on a formal model, a given an assignment of users to roles may be checked for consistency with security design goals.
    88
    99Two special constraints are needed with role-based access control for ORBIT.  A primary goal of ORBIT's is to insure each users has access to data and results only for their project.  Second, use of the grid is scheduled and its access control has to be integrated with the ORBIT grid scheduler.
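Review bot: The v7 line fixes the missing article in "based on a formal model" but leaves the doubled article in "a given an assignment of users to roles", which should read "a given assignment of users to roles". The unchanged context line "insure each users has access" has the same kind of slip ("ensure each user has access") and could be fixed in the same revision.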
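The model described above (users assigned to roles, roles carrying operation-on-object permissions, plus ORBIT's per-project isolation and grid-scheduler constraints) as an added example; this is illustrative code, not ORBIT's own implementation, and the role names, sample users, and the reservation-list form of the scheduler interface are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    operation: str    # action a subject invokes, e.g. "read"
    object_type: str  # kind of object it applies to, e.g. "result"

@dataclass(frozen=True)
class Obj:
    name: str
    object_type: str
    project: str      # owning project; None for shared resources such as the grid

# Role -> permissions (assumed roles, for illustration only)
ROLE_PERMS = {
    "experimenter": {Permission("read", "result"), Permission("write", "result"),
                     Permission("run", "grid")},
    "reviewer": {Permission("read", "result")},
}
# Constructed sample assignments: user -> roles, user -> project
USER_ROLES = {"alice": {"experimenter"}, "bob": {"reviewer"}}
USER_PROJECT = {"alice": "p1", "bob": "p2"}
# Constructed stand-in for the grid scheduler: (start, end, project) reservations
SCHEDULE = [(100, 200, "p1")]

def check_access(user_roles, user_project, schedule, user, operation, obj, now):
    """True if a subject run by `user` may perform `operation` on `obj` at time `now`."""
    project = user_project.get(user)
    # ORBIT constraint 1: project data and results are visible only to that project's users.
    if obj.project is not None and obj.project != project:
        return False
    # Core RBAC: some role the user acts in must carry the (operation, object type) permission.
    wanted = Permission(operation, obj.object_type)
    if not any(wanted in ROLE_PERMS.get(r, set()) for r in user_roles.get(user, set())):
        return False
    # ORBIT constraint 2: grid use also requires the project to hold the current reservation.
    if obj.object_type == "grid":
        return any(start <= now < end and p == project for start, end, p in schedule)
    return True

if __name__ == "__main__":
    result = Obj("run42", "result", "p1")
    grid = Obj("grid", "grid", None)
    print(check_access(USER_ROLES, USER_PROJECT, SCHEDULE, "alice", "read", result, 150))  # True
    print(check_access(USER_ROLES, USER_PROJECT, SCHEDULE, "alice", "run", grid, 250))     # False
```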