Access control mechanisms regulate which people may access particular modules of an information system. Many such mechanisms have been built; operating systems such as Unix, for example, have a clearly defined structure describing which users may access which files. Traditional systems used two concepts to manage access: Mandatory Access Control (MAC) and Discretionary Access Control (DAC). Today Role Based Access Control (RBAC) is being developed alongside them. Mandatory Access Control was commonly used in multilevel systems, particularly military ones. MAC restricts access to an object according to the sensitivity of the information it holds and the level of authorization of those requesting it. The second traditional approach, Discretionary Access Control, has been the model of choice for many commercial institutions and civilian government systems (Damiani & Liu, 2006). It is defined as restricting access to objects based on the identity of subjects and the groups to which they belong. It is discretionary in the sense that a subject holding permission to access an object can pass that permission on to other subjects, which is possible only where Mandatory Access Control does not forbid it.
Role Based Access Control role graphs have come of age. The traditional systems had weaknesses because users are only given rights to access the data, and they have no right to pass any of that information on to third parties. Leaving access control decisions to the users makes managing the data an uphill task for administrators, since it becomes hard to predict who will have access to it. What is more, users in an organization are categorized into many groups according to the permissions they hold over certain information, and each of these groups plays a particular role in the organization. For example, administrators should have more control than clerks, while the IT support staff should have still more control over the data, because they are the ones who manage and control the whole model. Junior staff should have access only to the information relevant to their work in the organization (Thuraisinggham & Riet, 2001).
This concept is clearly defined in RBAC, in which new roles are defined. The model takes into account that there are roles and privileges both within the model and across the organization as a whole. The classes into which users are grouped are based on certain relationships: users may belong to the same group yet have different levels of permission over certain objects in the system, and some users hold super-roles while others hold sub-roles of other functions. A role that permits writing a file may also imply that the same user can read it.
Once these roles have been defined, a role graph becomes useful. In the example used in this paper, the role of a Human Resource clerk is limited compared with that of the clerk's supervisor, while the Human Resource manager and the IT support staff hold super-roles above those of the supervisor and the clerk. The Human Resource department is then drawn as a graph so that the different users and their relationships are represented graphically.
Possible conflicts of interest in the model must also be taken into account. Roles should be assigned to users in such a way that power is not centralized in the system and users cannot bring about conflicts of interest; all privileges should never be granted to a single user (Ferraiolo, Kuhn, & Chandramouli, 2003). This helps to prevent fraud. In this era of information systems and automation, care must be taken that no single user holds every privilege: if that user disappears, the whole organization grinds to a halt. Mechanisms should be developed so that these roles are clearly defined; one such mechanism is the Chinese Wall model.
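The Chinese Wall mechanism named above is the Brewer-Nash model: data sets are grouped into conflict-of-interest classes, and once a subject has read data of one company in a class it is walled off from that company's competitors. The following is an added example, not part of the original paper, with constructed company data sets and a constructed sequence of accesses; the class names and subject names are assumptions.

```python
"""Brewer-Nash "Chinese Wall" enforcement (added example; sample data is
constructed).  Data sets belong to companies, and companies are grouped into
conflict-of-interest (COI) classes.  Once a subject has read data of one
company in a class, it may no longer read a competitor's data in that class,
and it may write only when everything it has read belongs to that one company."""
from collections import defaultdict

# constructed sample: data set -> conflict-of-interest class
COI_CLASS = {
    "bank_a": "banks",
    "bank_b": "banks",
    "oil_x": "oil",
    "oil_y": "oil",
}


class ChineseWall:
    def __init__(self, coi_class):
        self.coi_class = coi_class
        # subject -> data sets that subject has already read (the "wall")
        self.history = defaultdict(set)

    def may_read(self, subject, dataset):
        """Simple-security rule: no competitor of `dataset` already read."""
        cls = self.coi_class[dataset]
        return not any(seen != dataset and self.coi_class[seen] == cls
                       for seen in self.history[subject])

    def read(self, subject, dataset):
        """Attempt a read; on success the data set joins the subject's history."""
        if not self.may_read(subject, dataset):
            return False
        self.history[subject].add(dataset)
        return True

    def may_write(self, subject, dataset):
        """*-property: writing to `dataset` is allowed only if every data set
        the subject has read is this same one (the example has no sanitised
        data, which Brewer-Nash would exempt from the rule)."""
        return self.may_read(subject, dataset) and all(
            seen == dataset for seen in self.history[subject])


def demo():
    """Constructed access sequence; returns the decisions in order."""
    wall = ChineseWall(COI_CLASS)
    return [
        wall.read("alice", "bank_a"),       # True: history empty
        wall.read("alice", "oil_x"),        # True: different COI class
        wall.read("alice", "bank_b"),       # False: competes with bank_a
        wall.read("alice", "bank_a"),       # True: same company again
        wall.may_write("alice", "bank_a"),  # False: alice also read oil_x
        wall.read("bob", "bank_b"),         # True: bob has his own history
        wall.may_write("bob", "bank_b"),    # True: bob read nothing else
    ]
```

The decision depends on each subject's own access history, not on a static label, which is what makes the wall dynamic: the same request is allowed for one analyst and refused for another purely because of what each has already seen.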
The model should support inheritance, so that users inherit privileges from their supervisors or seniors. In this example there are some rules that the Human Resource clerk will inherit from the supervisor (Chen, Mu, & Susilo, 2008). The privilege of changing employees' salary adjustments is to be available to all of these users, but here the Human Resource clerk and the supervisor inherit it from the Human Resource Manager rather than having it defined again for each of them. That eliminates duplication in role definition: roles are defined only once, and all other users receive privileges by inheriting them from their supervisors without the roles being redefined. The result is an efficient system free of role duplication.
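The role graph, the write-implies-read relationship, the warning against one role holding every privilege, and the define-once inheritance just described can all be checked mechanically. Below is an added example, not code from the paper, that builds the Human Resource role graph as a small directed graph. It follows the usual role-graph convention in which a senior role inherits every privilege of the roles below it and adds its own; which privilege is defined on which role, the role and user names, and the placement of IT support as the top super-role are assumptions made for illustration.

```python
"""Role graph for the HR example (added example; roles, edges, privileges
and users are constructed).  Each privilege is defined directly on exactly
one role and reaches senior roles through inheritance edges."""
from collections import deque

# role -> roles it inherits from (its juniors).  A senior role collects the
# privileges of every junior reachable below it.
INHERITS = {
    "hr_clerk": [],
    "hr_supervisor": ["hr_clerk"],
    "hr_manager": ["hr_supervisor"],
    "it_support": ["hr_manager"],    # assumed super-role for the department
}

# privilege defined directly on one role only (the "define once" rule)
DIRECT = {
    "hr_clerk": {"read_employee_file"},
    "hr_supervisor": {"write_employee_file"},
    "hr_manager": {"adjust_salary"},
    "it_support": {"manage_role_graph"},
}

# one privilege implying another: writing a file implies reading it
IMPLIES = {"write_employee_file": {"read_employee_file"}}

# constructed user-to-role assignment
USER_ROLES = {
    "ann": {"hr_clerk"},
    "ben": {"hr_supervisor"},
    "cat": {"hr_manager"},
    "dan": {"it_support"},
}


def juniors(role):
    """All roles reachable below `role` along inheritance edges."""
    seen, queue = set(), deque(INHERITS[role])
    while queue:
        r = queue.popleft()
        if r not in seen:
            seen.add(r)
            queue.extend(INHERITS[r])
    return seen


def effective_privileges(role, direct=DIRECT):
    """Direct privileges plus inherited ones, closed under implication."""
    privs = set(direct.get(role, set()))
    for j in juniors(role):
        privs |= direct.get(j, set())
    while True:
        extra = {q for p in privs for q in IMPLIES.get(p, set())} - privs
        if not extra:
            return privs
        privs |= extra


def user_can(user, privilege):
    """Access decision: does any of the user's roles carry the privilege?"""
    return any(privilege in effective_privileges(r) for r in USER_ROLES[user])


def redundant_assignments(direct=DIRECT):
    """Privileges assigned directly to a role that already inherits them:
    the duplicated role definition the text says should be avoided."""
    return {(role, p) for role in INHERITS for p in direct.get(role, set())
            if any(p in direct.get(j, set()) for j in juniors(role))}


def roles_holding_everything(direct=DIRECT):
    """Roles whose effective set covers every defined privilege: the
    concentration of power the text warns against."""
    all_privs = set().union(*direct.values())
    return {r for r in INHERITS if effective_privileges(r, direct) >= all_privs}
```

With the constructed graph, `roles_holding_everything()` flags `it_support`, which is the point of the check: a super-role that inherits the whole department is exactly the single user who must not be allowed to hold every privilege, and an administrator can see that from the graph before any fraud or departure makes it visible in production.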
In general, roles need to be clearly defined so that the security of the system is in safe hands. Defining the roles of the system's users is of paramount importance.
Chen, L., Mu, Y., & Susilo, W. (2008). Information security practice. Springer.
Damiani, E., & Liu, P. (2006). Data and applications security. Springer.
Ferraiolo, D., Kuhn, R., & Chandramouli, R. (2003). Role-based access control. CA: Artech House.
Thuraisinggham, B., & Riet, R. (2001). Data accessibility and security. Netherlands: Springer.