RBAC Implementation:
Windows Environment:
- Utilize Windows Active Directory for user and role management.
- Assign users to specific roles like “accountants” or “developers” based on their job responsibilities.
- Each role is granted specific permissions to access files or resources.
- Example: Create a role “accountants” with read access to financial files.
Linux Environment:
- Leverage Linux user groups for RBAC.
- Assign users to groups according to their work roles.
- Set file permissions for each group to control access.
- Example: Create a group “developers” and provide them write access to code repositories.
Differentiation from Groups:
- In RBAC, users can belong to multiple groups but are assigned to a single role.
- This keeps the assignment of permissions clear and singular, driven by the user's primary role.
- Example: A user is both in the “developers” group and “accountants” group but is assigned the “developer” role for access control.
MAC Implementation:
Windows Vista through Windows 8:
- MAC is implemented using Mandatory Integrity Control (MIC).
- Objects (files, processes) are assigned Integrity Levels (IL) representing trust levels – low, medium, high, and system.
Assigning IL Levels:
- Each user is assigned an IL in their access token.
- Access to an object is allowed only if the user's IL is equal to or higher than the object's IL.
- Example: A user with a “medium” IL can read and write to objects with “medium” or “low” IL but not “high.”
Combining with DAC:
- Windows DAC (Discretionary Access Control), implemented through ACLs, is used alongside MIC.
- Windows checks the integrity levels first, then evaluates the ACL to confirm the requested permissions.
- Example: Even if a user has the right ACL permissions, they cannot modify a file with a higher IL.
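The two-stage decision described under "Assigning IL Levels" and "Combining with DAC", as an added Python model that is not part of these notes and not Windows' own code. It assumes the notes' rule that the integrity gate applies to every access type (real MIC's default mandatory policy is No-Write-Up, so reads of higher-IL files are normally still permitted), a simplified DACL where a matching deny ACE wins, and constructed placeholder SIDs.

```python
from dataclasses import dataclass, field

# Integrity levels in ascending order of trust, as listed in the notes.
IL_ORDER = {"low": 0, "medium": 1, "high": 2, "system": 3}


@dataclass
class Token:
    """Access token: the user's SID, group SIDs and the integrity level."""
    user: str
    groups: set
    integrity: str


@dataclass
class Ace:
    """One DACL entry: allow or deny a set of rights to a SID."""
    sid: str
    rights: set          # e.g. {"read", "write"}
    allow: bool = True


@dataclass
class SecuredObject:
    integrity: str
    dacl: list = field(default_factory=list)


def integrity_check(token, obj):
    """Stage 1 (MIC): subject IL must be equal to or higher than the object IL."""
    return IL_ORDER[token.integrity] >= IL_ORDER[obj.integrity]


def dacl_check(token, obj, rights):
    """Stage 2 (DAC): a deny ACE matching any requested right wins; otherwise
    every requested right must be granted by an allow ACE for the user or a group."""
    principals = {token.user} | token.groups
    granted = set()
    for ace in obj.dacl:
        if ace.sid not in principals:
            continue
        if not ace.allow and ace.rights & rights:
            return False
        if ace.allow:
            granted |= ace.rights
    return rights <= granted


def access_check(token, obj, rights):
    """Order from the notes: integrity level first, then the discretionary ACL."""
    return integrity_check(token, obj) and dacl_check(token, obj, rights)


# Constructed sample: a medium-IL user in the accountants group (placeholder SIDs).
ALICE = Token(user="S-1-5-21-alice", groups={"S-1-5-21-accountants"}, integrity="medium")
_DACL = [Ace(sid="S-1-5-21-accountants", rights={"read", "write"})]
HIGH_IL_FILE = SecuredObject(integrity="high", dacl=list(_DACL))   # ACL alone would allow write
LOW_IL_FILE = SecuredObject(integrity="low", dacl=list(_DACL))
```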