Give two major advantages of Rolebased access control RBAC c

Give two major advantages of Role-based access control (RBAC) compared with directly assigning access rights of objects to subjects.

Solution

Access control decisions are often determined by the roles individual users take on as part of an organization. This includes the specificationof duties,responsibilties, and qualifications.

Within a role based system, the principal concern is protecting the integrity of informatio:\"Who can perform what acts on what information.\"

A role can be thoought of as a set of transactions that a user or set of users can perform within the context of an organization. Transactions are allocated to roles by a system administrator. Membership in a role is also granted and revoked by a system administrator.

RBAC is flexible in that it can take on organizational characteristics in terms of policy and structure. One of RBAC\'s greatest virtue is the administrative capabilites it supports.

Once the transactions of a Role are established within a system, theses transactions tend to remain relatively constant or change slowly over time. The administrative task consist of granting and revoking membership to the set of specified named roles within the system. Wen a new person enters the organization, the adminstrator simply grants memebership to an existing role.When a person\'s function changes within the organization,all memberships to all Roles are deleted. For an organization that experiences a large turnover of personnel, a role-basee security policy is the only logical choice.

RBAC mechanisms can be used by a system administrator in enforcing a policy of separation of duties. Seperation of duties is considered valuable in detering fraud, since fraud can occur if an opportunity eixists for collaboration between various job related capabilities. Separation of duty requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set.