Title: Management of Role-Based Data Access Rules in Complex Information Systems
Abstract: Access control is an unavoidable mediation process for resource and data requests in information systems: it resolves whether a request should be granted or denied. It is only one aspect of a comprehensive data security solution, and its main goals are preserving confidentiality and integrity while providing information availability.
An access decision is enforced by an implemented security mechanism based on access rules established by the security policy. Access control security policies define allowed access and can be classified into three main categories: discretionary access control, mandatory access control and role-based access control. A security model provides a formal representation of an access control security policy.
Role-based access control policies require role identification according to business positions or job functions. Access rules are defined for roles, and users, as role members, acquire the roles' permissions. Due to its simplified management of access rules, role-based access control is a widely accepted model for defining and managing access control in systems with a large number of users and objects. The advantages of role-based access control, along with its flexibility, lie in supporting the security principles of least privilege, separation of duties and data abstraction.
The active role-based access control security model distinguishes permission activation, based on the task and context of a requested access, from actual permission assignment. Context can include the current business process state in systems that support workflows, as well as applied business rules.
The proposed and implemented role-based access control model allows access rules to be defined and maintained within the Higher Education Information System (ISVU), developed over a relational database. Access rules based on roles and dependent on context are stored in database objects representing a data dictionary extension related to access rights, namely permission meta-data. Access rules at the database level, which the database management system is aware of, are reconciled according to the specified abstract access rules. The role-based access control model can also be used to manage the model's own components, making role administration one of its applications. The implemented model allows decentralization of all or some administrative privileges for assigning roles to users and describing role domains in different organizational structure units using the same information system.
Publication Year: 2005
Publication Date: 2005-11-25
Language: en
Type: dissertation