RBAC Conflicts

Lunchbocks Senior Member Florida Member Posts: 319
I am currently using a Thompson book (from school) and the Exam Cram 2 book to help me study for the Security+ Cert. I have run into an issue where the 2 books contradict themselves. When using RBAC as an access control model, one of the books states that a user can only be assigned a single role, and the other book states that a user may be assigned multiple roles. This isn't a misunderstanding, but a clear contradiction. My question: which is correct? Can a user be assigned multiple roles in an RBAC environment, or are they limited to a single role?

Thanks,

LB
Degree: Liberty University - B.S Computer Science (In Progress)
Current Certs: CCENT | MCTS | Network+
Currently Working On: Security+
2020 Goals: CCNA, CCNP Security, Linux+


Comments

  • undomiel Member Posts: 2,818
    The one stating multiple roles is correct. For example, a person could be part of accounting and part of HR using the same identity; that way they could access both roles.
    Jumping on the IT blogging bandwagon -- http://www.jefferyland.com/
  • dynamik Banned Posts: 12,314
    Be sure to check the technotes on this site as well: http://techexams.net/co_securityplus.shtml

    Here is the Access Control section: http://techexams.net/technotes/securityplus/mac_dac_rbac.shtml
  • sprkymrk Member Posts: 4,884
    Unfortunately, the standards for RBAC are not always adhered to by all vendors and/or implementations, so either could be correct depending on the context. In most cases you'll find that multiple roles can be assigned, and that's the answer I would take with me to the exam.

    Here is all (and more) you ever wanted to know about RBAC from the NIST (National Institute of Standards and Technology) site:

    http://csrc.nist.gov/groups/SNS/rbac/
    All things are possible, only believe.
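
The two readings discussed in the replies above, as an added example that is not part of any post in this thread: a minimal RBAC model where user-to-role assignment is many-to-many by default, and an optional `max_roles_per_user` limit models an implementation that allows only a single role. The class, role names and permission strings are constructed for illustration.

```python
class RBAC:
    """Toy RBAC core: permissions attach to roles, roles attach to users."""

    def __init__(self, max_roles_per_user=None):
        # None = unlimited roles per user; 1 = the "single role" reading
        self.max_roles_per_user = max_roles_per_user
        self.role_perms = {}  # role -> set of permissions
        self.user_roles = {}  # user -> set of roles

    def grant(self, role, *perms):
        self.role_perms.setdefault(role, set()).update(perms)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role: {role}")
        roles = self.user_roles.setdefault(user, set())
        if role in roles:
            return  # already assigned, nothing to do
        limit = self.max_roles_per_user
        if limit is not None and len(roles) >= limit:
            raise ValueError(f"{user} already holds {limit} role(s)")
        roles.add(role)

    def permissions(self, user):
        # Effective permissions are the union over every assigned role
        roles = self.user_roles.get(user, ())
        return set().union(*(self.role_perms[r] for r in roles))

    def check(self, user, perm):
        return perm in self.permissions(user)


def build(max_roles_per_user=None):
    rbac = RBAC(max_roles_per_user)
    rbac.grant("accounting", "ledger:read", "invoice:approve")  # constructed
    rbac.grant("hr", "personnel:read")                          # constructed
    return rbac


def demo():
    multi = build()                       # multiple roles allowed
    multi.assign("alice", "accounting")
    multi.assign("alice", "hr")
    single = build(max_roles_per_user=1)  # one role per user
    single.assign("alice", "accounting")
    try:
        single.assign("alice", "hr")
        rejected = False
    except ValueError:
        rejected = True
    return multi.permissions("alice"), single.permissions("alice"), rejected
```
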
  • Lunchbocks Senior Member Florida Member Posts: 319
    Great, thanks. I know that there is the test way, and the exam way of doing things, and I am definitely looking for the exam way right now. But I always want to know the real-world way of doing it as well.

    I do have another question. What practice tests are people using that they believe most accurately represent the real exam? I am using this site, free-exams.com, and preplogic for now. I am getting consistent grades in the low to mid 80's. But last night I took a Transcender exam, and got 60%. It was loaded with questions relating to things I have never heard of, from college classes, Thompson books, Exam Cram books, or Sybex. I know Transcender used to be the one to use for Microsoft exams, but I don't know about Security+.

    Thanks a lot for the help, and I look forward to hearing what others think about practice tests.

    LB
  • dynamik Banned Posts: 12,314
    I used Transcender for this. You should also check out the Syngress book. You can get an ebook directly from them for $24: http://www.syngress.com/catalog/?pid=4350
  • Lunchbocks Senior Member Florida Member Posts: 319
    I will check it out, thanks. Did you find that the Transcender exams followed closely to the real exam?
  • dynamik Banned Posts: 12,314
    I use Transcender for all my exams. They force me to think critically about the material, which helps me retain the information.