Event Driven Applications
Why is access control important?
Access controls limit access to information and information processing systems. When implemented effectively, they mitigate the risk of information being accessed unlawfully or without the appropriate authorisation, and the risk of a data breach. They apply anywhere access is required to perform a business activity and should be adhered to when accessing information in any format, on any device.
Describe an application that would need access control.
- File-sharing platforms like SharePoint and Google Docs. If you use these types of file-sharing platforms, then you’re already familiar with this type of access control. Whenever you create or share a document, you can choose to either keep control to yourself or give permissions to view or modify the document as a viewer, commenter, or editor.
What is a role used for?
Role-based access control gives access permissions based on user roles. What I mean by “role” is the functions that an employee performs. Users may have one or more roles and may be assigned one or more permissions as a result. Doing this gives users who have those roles access to the information they need to do their jobs without affording them access to information that they don’t need. RBAC is a broader form of access control than, say, MAC.
Why is role based access control more scalable than discretionary or mandatory access control?
For most business applications, RBAC is superior to ACL in terms of security and administrative overhead. ACL is better suited for implementing security at the individual user level and for low-level data, while RBAC better serves a company-wide security system with an overseeing administrator. An ACL can, for example, grant write access to a specific file, but it cannot determine how a user might change the file.
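An added example (not part of the original notes) of the role-to-permission lookup described above, next to the per-user ACL that the same policy would expand to. The role names, permission strings, users and the Express-style `requirePermission` middleware are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample data: role names, permissions and users are illustrative.
const rolePermissions = new Map([
  ['viewer', new Set(['doc:read'])],
  ['commenter', new Set(['doc:read', 'doc:comment'])],
  ['editor', new Set(['doc:read', 'doc:comment', 'doc:update'])],
]);

const userRoles = new Map([
  ['alice', ['editor']],
  ['bob', ['viewer', 'commenter']],
  ['carol', []], // known user with no roles assigned
]);

// RBAC check: a user holds a permission only through one of their roles.
// Unknown users, unknown roles and missing permissions all deny (default deny).
function can(user, permission) {
  const roles = userRoles.get(user) ?? [];
  return roles.some((role) => rolePermissions.get(role)?.has(permission) === true);
}

// Express-style middleware factory. Assumption: an earlier authentication
// step (not shown) has set req.user to the user name.
function requirePermission(permission) {
  return (req, res, next) => {
    if (can(req.user, permission)) return next();
    return next(new Error('Access Denied'));
  };
}

// The same policy written as a per-user ACL: one entry per (user, permission)
// pair, instead of one entry per role assignment.
function expandToAcl() {
  const acl = [];
  for (const [user, roles] of userRoles) {
    const perms = new Set(roles.flatMap((r) => [...(rolePermissions.get(r) ?? [])]));
    for (const p of perms) acl.push(`${user}:${p}`);
  }
  return acl;
}
```

Granting a new permission to a role changes one entry and reaches every user who holds that role, whereas the expanded ACL needs a new entry per affected user.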
| Term | Definition |
|---|---|
| Authorization | Authorization is the process of giving someone the ability to access a resource. |
| Role Based Access Control | Role-based access control (RBAC) restricts network access based on a person’s role within an organization and has become one of the main methods for advanced access control. The roles in RBAC refer to the levels of access that employees have to the network. |
| Capabilities | The quality of being capable; capacity; ability. In JS, the Capabilities class defines the capabilities of your Java™ code by encapsulating a list of attributes and parameters. |