RBAC restricts network access based on someone's role in the organization.
Commonly used for access control, it only gives access to information relevant to the person's job duties.
Keeps sensitive data away from people who don't need it.
Management role scope: limits what objects the role group is allowed to manage.
Management role group: a group of people who hold a role; membership is managed by adding/removing people.
Management role: the tasks that can be done by a specific role within the group.
Management role assignment: links a role to a role group.
RBAC Benefits
Managing network access is super important for info sec, and should be done on a need-to-know basis.
We can reduce the total amount of administrative work and IT support needed to deal with the hiring/firing of people. Just add/remove people from role groups.
RBAC helps us streamline and maximize operational efficiency, allowing people to do their jobs more efficiently and with less interruption.
RBAC allows companies to manage regulatory requirements for privacy and similar obligations in IT departments.
We can better manage how data is being accessed and used.
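Added example, not part of the original notes: a small model of the four building blocks above (role, role group, role scope, role assignment) with a default-deny access check, and the hiring/firing benefit shown as a change to group membership only. Task names, OU names and people are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed example (not from the notes): the four RBAC building blocks.
@dataclass
class ManagementRole:           # tasks holders of the role may perform
    tasks: set

@dataclass
class ManagementRoleGroup:      # people holding the role; hiring/firing edits this
    members: set = field(default_factory=set)

@dataclass
class RoleAssignment:           # links a role to a group, limited by a scope
    role: ManagementRole
    group: ManagementRoleGroup
    scope: set                  # objects (here OU names) the group may manage

class Rbac:
    def __init__(self):
        self.assignments = []
    def assign(self, role, group, scope):
        self.assignments.append(RoleAssignment(role, group, scope))
    def can(self, user, task, target):
        # Default deny: allow only if one assignment covers user, task and target.
        return any(user in a.group.members and task in a.role.tasks
                   and target in a.scope for a in self.assignments)

def demo():
    helpdesk = ManagementRole({"reset-password", "view-mailbox"})
    org_admin = ManagementRole({"reset-password", "delete-mailbox"})
    hd_group = ManagementRoleGroup({"alice"})
    admin_group = ManagementRoleGroup({"bob"})
    rbac = Rbac()
    rbac.assign(helpdesk, hd_group, {"sales-ou"})             # scope-limited
    rbac.assign(org_admin, admin_group, {"sales-ou", "hr-ou"})
    before = {
        "alice_reset_sales": rbac.can("alice", "reset-password", "sales-ou"),  # True
        "alice_reset_hr": rbac.can("alice", "reset-password", "hr-ou"),  # False: out of scope
        "alice_delete": rbac.can("alice", "delete-mailbox", "sales-ou"),  # False: task not in role
        "bob_delete_hr": rbac.can("bob", "delete-mailbox", "hr-ou"),  # True
    }
    # Offboarding alice and onboarding carol touches only group membership.
    hd_group.members.discard("alice")
    hd_group.members.add("carol")
    after = {
        "alice_reset_sales": rbac.can("alice", "reset-password", "sales-ou"),  # False
        "carol_reset_sales": rbac.can("carol", "reset-password", "sales-ou"),  # True
    }
    return before, after
```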
RBAC Best Practice Implementation
We need to take a few things into consideration when implementing RBAC.
Current Status: We need to create a list of all the software/hardware/applications that use some type of security (passwords, etc.). We need to know who has access to all of those devices.
Current Roles: We need to figure out who needs access to what, and why.
Write Policy: We need to document any changes that are made to our policies so that employees know what's expected of them.
Make Changes: After we get the list of what we have, what we need, and who needs what, we can implement our changes.
Continually Adapt: As with all things in the tech industry, things will need to be changed/tweaked as roles change.