Decoding Role-Based Access Control (RBAC)
DOI: https://doi.org/10.32628/CSEIT251112211
Keywords: Role-Based Access Control (RBAC), Cloud Security, Least Privilege Principle, Access Management, Healthcare Compliance
Abstract
This article provides a comprehensive examination of Role-Based Access Control (RBAC) and its significance in modern cybersecurity, particularly within cloud environments. It explores the fundamental concepts of RBAC, including its core principle of assigning access rights based on organizational roles rather than individual users. The article delves into the implementation process, discussing role definition, permission assignment, and user-role association. It highlights the key advantages of RBAC, such as simplified permission management, enhanced security through the principle of least privilege, scalability in dynamic environments, and improved time efficiency in access management. A case study from the healthcare sector illustrates RBAC's practical application, emphasizing its role in maintaining regulatory compliance and efficient operations in complex organizational structures. The article also addresses potential challenges in RBAC implementation, including role explosion and over-permissive access, and provides strategies for overcoming these issues through meticulous planning, regular audits, and ongoing system optimization. By offering insights into both the benefits and challenges of RBAC, this article serves as a valuable resource for organizations seeking to enhance their access control strategies in an increasingly complex digital landscape.
Copyright (c) 2025 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

This work is licensed under a Creative Commons Attribution 4.0 International License.