{"title":"用于企业级基于角色的访问控制的高级功能","authors":"A. Kern","doi":"10.1109/CSAC.2002.1176305","DOIUrl":null,"url":null,"abstract":"The administration of users and access rights in large enterprises is a complex and challenging task. Roles are a powerful concept for simplifying access control, but their implementation is normally restricted to single systems and applications. In this article we define enterprise roles capable of spanning all IT systems in an organisation. We show how the enterprise role-based access control (ERBAC) model exploits the RBAC model outlined in the NIST standard draft and describe its extensions. We have implemented ERBAC as a basic concept of SAM Jupiter, a commercial security administration tool. Based on practical experience with the deployment of Enterprise Roles during SAM implementation projects in large organisations, we have enhanced the ERBAC model by including different ways of parametrising the roles. We show that using parameters can significantly reduce the number of roles needed in an enterprise and simplify the role structure, thereby reducing the administration effort considerably. The enhanced ERBAC features are illustrated by real-life examples.","PeriodicalId":389487,"journal":{"name":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"70","resultStr":"{\"title\":\"Advanced features for enterprise-wide role-based access control\",\"authors\":\"A. Kern\",\"doi\":\"10.1109/CSAC.2002.1176305\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The administration of users and access rights in large enterprises is a complex and challenging task. Roles are a powerful concept for simplifying access control, but their implementation is normally restricted to single systems and applications. In this article we define enterprise roles capable of spanning all IT systems in an organisation. We show how the enterprise role-based access control (ERBAC) model exploits the RBAC model outlined in the NIST standard draft and describe its extensions. We have implemented ERBAC as a basic concept of SAM Jupiter, a commercial security administration tool. Based on practical experience with the deployment of Enterprise Roles during SAM implementation projects in large organisations, we have enhanced the ERBAC model by including different ways of parametrising the roles. We show that using parameters can significantly reduce the number of roles needed in an enterprise and simplify the role structure, thereby reducing the administration effort considerably. The enhanced ERBAC features are illustrated by real-life examples.\",\"PeriodicalId\":389487,\"journal\":{\"name\":\"18th Annual Computer Security Applications Conference, 2002. Proceedings.\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"70\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"18th Annual Computer Security Applications Conference, 2002. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSAC.2002.1176305\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"18th Annual Computer Security Applications Conference, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2002.1176305","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Advanced features for enterprise-wide role-based access control
The administration of users and access rights in large enterprises is a complex and challenging task. Roles are a powerful concept for simplifying access control, but their implementation is normally restricted to single systems and applications. In this article we define enterprise roles capable of spanning all IT systems in an organisation. We show how the enterprise role-based access control (ERBAC) model exploits the RBAC model outlined in the NIST standard draft and describe its extensions. We have implemented ERBAC as a basic concept of SAM Jupiter, a commercial security administration tool. Based on practical experience with the deployment of Enterprise Roles during SAM implementation projects in large organisations, we have enhanced the ERBAC model by including different ways of parametrising the roles. We show that using parameters can significantly reduce the number of roles needed in an enterprise and simplify the role structure, thereby reducing the administration effort considerably. The enhanced ERBAC features are illustrated by real-life examples.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
