Learn how role-based access can help you secure your sensitive information.
Written by Carol Woodbury
Editor's Note: This article is an introduction to the Webcast "5 Steps for Implementing Role-Based Access on the IBM i" available to view free from the MC Press Webcast Center.
A good place to start a discussion of role-based access is with what "access" to computer information, and control of that access, actually mean. When we speak of "access" to a computer, we are referring to the ability to do something with the computer: for example, to read, write, or change information. When you decide you need to "control access," you are explicitly enabling or restricting, in some way, the ability to read, write, or change information. Access controls can dictate not only who or what process may have access to specific information on a computer but also the type of access that is permitted.
With role-based access, the decision of whether or not access to information is granted is based on the roles that individual users have in an enterprise. There may be accounting, sales, marketing, support, and many other types of roles defined for any enterprise. Roles are typically defined by a thorough analysis of how an enterprise operates. Once you know the roles, you can determine what sort of information on the computer system the people in each role might need in order to be productive in their jobs.
When the ability to access information on a computer is grouped by role name, the use of that information is restricted to individuals authorized for the associated role. Consider a retail enterprise, which may have many roles. For the sake of argument, let's think of two common roles in relation to the computer information they may need to access. Stock clerks may need access to information that includes the ability to receive shipped merchandise, to ship out defective merchandise, and to increase (or decrease) inventory levels. The role of accountant may be limited to information that relates specifically to balance sheets, income statements, and sales reports. Access to information on the computer for these two roles would be restricted to their role definition.
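The two retail roles above, written as a deny-by-default access check with an audit that flags any grant no role justifies. This is an added example, not code from the article or the webcast; the user names, resource names, access types per resource and the granted-access snapshot are constructed assumptions.

```python
"""Role-based access check and excess-grant audit for the retail example."""

# Role definitions (assumed): role -> resource -> permitted access types.
ROLES = {
    "stock_clerk": {
        "receiving": {"read", "write"},
        "defective_returns": {"read", "write"},
        "inventory_levels": {"read", "change"},
    },
    "accountant": {
        "balance_sheets": {"read"},
        "income_statements": {"read"},
        "sales_reports": {"read"},
    },
}

# Users are assigned roles, never individual permissions (constructed users).
USER_ROLES = {"dana": {"stock_clerk"}, "lee": {"accountant"}}

# Constructed snapshot of what is actually granted: (user, resource, access).
GRANTED = [
    ("dana", "inventory_levels", "change"),
    ("dana", "receiving", "write"),
    ("lee", "sales_reports", "read"),
    ("lee", "inventory_levels", "change"),  # outside the accountant role
    ("sam", "balance_sheets", "read"),      # user who holds no role at all
]


def is_allowed(user, resource, access):
    """Deny by default: allow only if one of the user's roles permits
    this type of access to this resource."""
    return any(
        access in ROLES.get(role, {}).get(resource, set())
        for role in USER_ROLES.get(user, set())
    )


def find_excess_grants(granted):
    """Return the grants that no role held by the user justifies."""
    return [grant for grant in granted if not is_allowed(*grant)]


if __name__ == "__main__":
    for user, resource, access in find_excess_grants(GRANTED):
        print(f"excess grant: {user} has {access} on {resource}")
```
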
The use of roles to control access may be an effective way for an enterprise to develop and ultimately enforce enterprise-specific security policies. Role-based access may be an excellent way for an enterprise to streamline the security management process.
In the video "5 Steps for Implementing Role-Based Access on the IBM i," Carol Woodbury, former security architect and Chief Engineering Manager for IBM for the IBM i systems, author of IBM i Security and Compliance, award-winning speaker, and president of SkyView Partners, shares some ideas for implementing role-based access on the IBM i. This video features SkyView's automation tools for compliance and security administration and illustrates how you can make these tools an everyday part of a role-based access model.
Find out more by viewing the Webcast "5 Steps for Implementing Role-Based Access on the IBM i" available free from the MC Press Webcast Center.