| Title: 1.4 - Why is ANSI RBAC Important? |
| NavPrev: 1.3-what-rbac-is.html |
| NavPrevText: 1.3 - What ANSI RBAC is |
| NavUp: 1-intro-rbac.html |
| NavUpText: 1 - An Introduction to Role-Based Access Control ANSI INCITS 359-2004 |
| NavNext: 1.5-how-to-impl-rbac.html |
| NavNextText: 1.5 - How to implement ANSI RBAC |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| # 1.4 - Why is ANSI RBAC Important? |
| |
| * Enforces the concept of least privilege. Granting users business functionality doesn't imply that entitlements may be used at any time. For example, a bank teller shouldn't withdraw money from customer accounts outside of normal business hours, and freelance contractors don't require access to production resources to do their jobs. |
| |
| * Enables regulatory compliance. Who has been granted authority over the most important resources? How can we be certain that terminated employees and customers no longer have access to controlled resources? |
| |
| * Enforces separation of duty policies. For example, traders must not be regulators, and purchasing agents cannot approve transactions. |
| |
| * Reduces administration costs by eliminating redundant resources. Enables administrative tasks to be delegated to business units. |