Chapter 16

Roles and Rules

Paul J. Sussex

This chapter discusses challenges associated with a traditional approach to access management and introduces the concept of role-based access control (RBAC). Further, we examine key concepts of roles and how traditional and leading mechanisms are used to enforce policy-based business rules. We then discuss an RBAC approach and implementation methodology that can be practically implemented, with a focus on realizing incremental business benefits (“short-term wins”) to sustain the organization’s appetite for a long-term investment in RBAC. Lastly, this chapter includes a discussion of the impact of RBAC on the overall access management life cycle, and provides guiding principles and lessons learned from complex ...
