A SURVEY ON ROLE-BASED ACCESS CONTROL
Keywords:
Role-based access control, permission, access, role, userAbstract
Role-Based Access Control (RBAC) is a methodology which is standardized for defining security policies
and for which users are given the privileges, depending upon on roles as an abstraction representing a set of activities to
be performed in an organization. The main advantages of role-based access control are, operational efficiency, IT work,
and administrative work will be greatly reduced. Here, permissions are equated to roles instead of single users.
Permissions granted to a role are strictly related to the data that are needed by a user in order to exercise the business
activities of the role. Users are thus simply authorized to play the appropriate roles, thereby acquiring the roles’
authorizations. Comparing with DAC, which the creator of a resource determines who can access the resource, the
organization has central control over its resources. RBAC approach is a neutral policy, it has more advantages than
DAC and MAC, especially when a flexible, policy-based, fine grained resource access control is required.
