- Why is access control important?
- it creates a security layer that restricts user access to resources
- Describe an application that would need access control.
- a forum - varying levels of access would allow different users access to different resources and perform different actions on the forum
- What is a role used for?
- roles assigned to a user that define the capabilities given to the user
- Why is role based access control more scalable than discretionary or mandatory access control?
- in RRBC, users are given access based on their role, the permissions remain the same for all users within that role
- in mandatory access control there are more classification categories for resources and users, requiring more maintenance and overhead
- source: techotopia.com
- Authorization
- the process of verifying what resources users have access to
- Role Based Access Control
- access-control that is defined based on user roles and privileges
- roles assigned to a user that define the capabilities given to the user
- Capabilities
- a capability "refers to a value that references an object along with an associated set of access rights"
- source: wikipedia.org: Capability-based security