RBAC DISCREPANCY
tonyteixeira
Member Posts: 7 ■□□□□□□□□□
in Security+
Hi Everyone,
I am finding out that different authors have different opinions on certain topics. My study tools include Learnkeys Security+ CDs, Exam Cram2 Security+, Security+ second edition (SYBEX), Transcender Security+ 1.0, Examwise and xxxxx.
One source says "In a role based model, users can only be assigned one role"
another source says "A user can be assigned one or more roles"
My thought is, it is possible to assign a user one or more roles BUT it is not the correct way to implement RBAC access control... so my answer would be "In a role based model, users can only be assigned one role".
Anybody have any input on this?
Thanks
Tony
Comments
-
RussS Member Posts: 2,068 ■■■□□□□□□□
Nope - Role based allows for a user to have several roles and to belong to several groups. I will quote Tcat, as probably an example would be confusing.
With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, such as “human resources rep” or “accounts payable data entry clerk”, and each role is assigned one or more privileges that are permitted to users in that role, such as the right to access certain applications.
www.supercross.com
FIM website of the year 2007
-
tonyteixeira Member Posts: 7 ■□□□□□□□□□
RussS,
Thanks for information.
Just a FYI.....
Here is a quote from Exam Cram 2.
"Roles and Groups both provide ways of controlling user access, but in a group environment, users can belong to other groups. In a Role based model, users can be assigned only one role."
Transcender also supports your answer and I always found Transcender a great learning tool.
Thanks Again!
Tony
-
RussS Member Posts: 2,068 ■■■□□□□□□□
Very confusing that. In the context that I have always been familiar with, a group is considered a role.
One of the things you will find out there while studying for Sec+ is that many different authors have conflicting views on many different subjects under the published scope of the exam.
www.supercross.com
FIM website of the year 2007
-
tonyteixeira Member Posts: 7 ■□□□□□□□□□
Yes it is! I am teaching the technicians in my district in CompTIA A+ and Network+... I always find discrepancies among the authors. In the case of my RBAC discrepancy... I am going with your answer if it comes up on my test.
Thanks
Tony
-
JDMurray Admin Posts: 13,090 Admin
Both are correct. An OS using RBAC can support a single-role or a multiple-role model. The single-role model is easier to administer and much less likely to cause permission conflicts than allowing a user to assume multiple, simultaneous roles. This is identical to the concepts of single- and multiple-inheritance in object oriented programming.
Here's a blurb about it from a text on RBAC issues:
Some systems allow a user to simultaneously take on multiple roles in a
session, while others allow the user to assume only one role at a time. If
multiple simultaneous roles are allowed, some systems turn on all roles of
the user while others allow the user to select which roles are turned on in a
particular session. (There is an analogous situation with respect to groups in
operating systems.)
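
The three session behaviours described in the blurb above (one role at a time, all roles turned on, user-selected roles), as an added example that is not part of the original thread. The user name, role identifiers, privilege strings and function names are all hypothetical; the role names loosely follow the "human resources rep" and "accounts payable data entry clerk" examples quoted earlier.

```python
from enum import Enum


class Activation(Enum):
    SINGLE = 1    # the user assumes only one role at a time
    ALL = 2       # every assigned role is turned on in the session
    SELECTED = 3  # the user chooses which assigned roles are turned on


# Constructed sample data: one user holding two assigned roles.
USER_ROLES = {"tony": {"hr_rep", "ap_clerk"}}
ROLE_PERMS = {
    "hr_rep": {"hr_app:read", "hr_app:write"},
    "ap_clerk": {"ap_app:enter_invoice"},
}


def active_roles(policy, user, requested=()):
    """Return the roles turned on for a new session under the given policy."""
    assigned = USER_ROLES.get(user, set())
    requested = set(requested)
    if not requested <= assigned:
        raise PermissionError(f"not assigned to {user}: {sorted(requested - assigned)}")
    if policy is Activation.ALL:
        return set(assigned)
    if policy is Activation.SINGLE and len(requested) != 1:
        raise ValueError("single-role model: exactly one role per session")
    return requested


def session_permissions(policy, user, requested=()):
    """Effective privileges are the union over the session's active roles."""
    perms = set()
    for role in active_roles(policy, user, requested):
        perms |= ROLE_PERMS.get(role, set())
    return perms


def check(policy, user, requested, perm):
    """Access decision for one privilege in a session opened with `requested`."""
    return perm in session_permissions(policy, user, requested)


if __name__ == "__main__":
    for policy, req in [(Activation.SINGLE, ["hr_rep"]), (Activation.ALL, []),
                        (Activation.SELECTED, ["ap_clerk"])]:
        print(policy.name, sorted(session_permissions(policy, "tony", req)))
```

The same assignment table yields different effective privileges depending on the activation policy, which is why a source can say "one role" or "one or more roles" and both describe a valid RBAC system.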