reading-notes

Class 8 Access Control (ACL)

Link to article: 5 steps to RBAC

Link to article: wiki - RBAC


5 steps to RBAC

What is Role Based Access Control (RBAC) and why do we care?

Role-Based Access Control (RBAC) is a system that assigns access to users based on their job roles in an organization. It helps manage access rights, making it easier to control and secure sensitive information.

Describe a Role/Permission hierarchy that you might implement using RBAC.

In a school, a basic user can access email and the school website, while a teacher can access student grades and lesson plans, and an administrator has full control over the school’s systems.

What approach might you take to implement RBAC?

To implement RBAC, first make a list of the resources you want to control access to. Then group people into roles based on their access needs and assign them accordingly. Regularly review and update roles.

wiki - RBAC

If Authentication is “you are who you say you are,” what is Authorization?

Authorization is like getting permission to do something after proving your identity. It determines what actions or access you are allowed based on who you are.

Name three primary rules defined for RBAC.

Describe RBAC to a non-technical friend.

RBAC is like giving different roles to people, such as students, teachers, and principals. Each role has certain permissions, like access to books or the ability to make rules.

RBAC tutorial

What are access rights associated with? The user? Or the role? Explain.

In RBAC, access rights are associated with roles, not directly with users. Users are assigned roles, and those roles determine the access rights the users have.
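The school hierarchy described earlier and the role-based association described here, as an added example that is not from the articles or the class material. The permission strings, user names and helper functions are assumptions made up for illustration.

```python
# Added example: permission and user names below are constructed for illustration.
ROLE_PERMISSIONS = {
    "basic_user": {"email:read", "website:read"},
    "teacher": {"grades:read", "grades:write", "lesson_plans:write"},
    "administrator": {"systems:manage"},
}
# Each role inherits everything granted to its parent roles.
ROLE_PARENTS = {
    "teacher": ["basic_user"],
    "administrator": ["teacher"],
}
# Users hold roles only; no permission is ever attached to a user directly.
USER_ROLES = {
    "sam": ["basic_user"],
    "ms_lee": ["teacher"],
    "root_admin": ["administrator"],
}


def effective_permissions(role, _seen=None):
    """Collect a role's own permissions plus those inherited from parents."""
    seen = _seen if _seen is not None else set()
    if role in seen or role not in ROLE_PERMISSIONS:
        return set()  # cycle guard; unknown roles grant nothing
    seen.add(role)
    perms = set(ROLE_PERMISSIONS[role])
    for parent in ROLE_PARENTS.get(role, []):
        perms |= effective_permissions(parent, seen)
    return perms


def is_authorized(user, permission, authenticated):
    """Default deny: authorize only an authenticated user whose roles grant it."""
    if not authenticated:
        return False  # authorization is evaluated only after authentication
    return any(
        permission in effective_permissions(role)
        for role in USER_ROLES.get(user, [])
    )


def change_role(user, roles):
    """Changing access means changing role assignment, not per-user rights."""
    USER_ROLES[user] = list(roles)


if __name__ == "__main__":
    print(is_authorized("ms_lee", "email:read", True))  # inherited from basic_user
    print(is_authorized("sam", "grades:read", True))  # not granted to basic_user
    print(is_authorized("root_admin", "systems:manage", False))  # not authenticated
```

Unknown users and unknown roles fall through to a denial, so a typo in a role name fails closed instead of granting access.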

Access Rights, or Authorization, is activated after a user successfully does what?

Access rights, or authorization, are activated after a user successfully authenticates or proves their identity to the system.

Explain how RBAC might benefit a business.

RBAC can benefit a business by simplifying user management, ensuring authorized access to resources, and improving security by assigning roles and permissions effectively.

Reflection

What are your learning goals after reading and reviewing the class README?

My goals are to understand how authorization works in computer systems, learn about roles and capabilities, and implement access control in my own projects.