Overview#

Access Control (or Privilege Management) is a process in which an Authoritative Entity (Trustor) grants a Permission to a Trustee.

Access Control is the process of determining Authorization for Access to a Resource.

Access Control decides "Who" can do "What" on which Resources.

Access Control is the process of determining Authorization of a Permission.

Access Control is most concerned with controlling access to a Protected Resource and limiting Risk

The action of Access Control is referred to as Resource Provisioning

Access Control may utilize an Access Control List (ACL)

Access Control Importance#

Access Control is the primary reason we perform all of the following activities:

Access Control Process#

Access Control is defined within an Access Control Policy and enforced by a Policy Enforcement Point, based on the decision from the Policy Decision Point, which has acquired information from a Policy Information Point.
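The flow described above, as an added example that is not part of the original page: a minimal Policy Enforcement Point that asks a Policy Decision Point, which in turn consults a Policy Information Point. The subjects, groups, resources and function names are constructed for illustration; the policy is a simple ACL and anything not explicitly permitted is denied.

```python
# Constructed sample data: subject attributes served by the Policy Information Point.
SUBJECT_ATTRS = {"alice": {"groups": {"hr"}}, "bob": {"groups": {"eng"}}}

# Access Control Policy as ACL-style rules: (resource, action, group allowed).
POLICY = [
    ("payroll", "read", "hr"),
    ("payroll", "write", "hr"),
    ("wiki", "read", "eng"),
]

# Protected Resources (constructed) and a log of every decision made.
RESOURCES = {"payroll": "salary table", "wiki": "team notes"}
AUDIT_LOG = []


class AccessDenied(Exception):
    """Raised by the enforcement point when the decision is not Permit."""


def pip_lookup(subject):
    """Policy Information Point: return attributes known about the subject."""
    return SUBJECT_ATTRS.get(subject, {"groups": set()})


def pdp_decide(subject, action, resource):
    """Policy Decision Point: Permit only if a rule matches, otherwise Deny."""
    groups = pip_lookup(subject)["groups"]
    for rule_resource, rule_action, rule_group in POLICY:
        if (rule_resource, rule_action) == (resource, action) and rule_group in groups:
            return "Permit"
    return "Deny"  # default deny: unknown subjects, actions and resources


def pep_read(subject, resource):
    """Policy Enforcement Point: the only code path that touches RESOURCES."""
    decision = pdp_decide(subject, "read", resource)
    AUDIT_LOG.append((subject, "read", resource, decision))
    if decision != "Permit":
        raise AccessDenied(f"{subject} may not read {resource}")
    return RESOURCES[resource]


if __name__ == "__main__":
    print(pep_read("alice", "payroll"))
    try:
        pep_read("bob", "payroll")
    except AccessDenied as exc:
        print("denied:", exc)
    print(AUDIT_LOG)
```

Keeping the decision in `pdp_decide` and the enforcement in `pep_read` means the policy can change without touching the code that guards the resource, and every decision, permitted or denied, leaves an audit record.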

Logical Access Control #

The term Logical Access Control originated as a counter to Physical Access Control.

Access Control Models #

There are many Access Control Models for implementation of Access Control.

LDAP servers#

For an LDAP server, Access Control provides a mechanism for restricting who can get access to various kinds of data within the DIT.

The Access Control provider may be used to control a number of things, including:

A number of things can be taken into account when making Access Control decisions, including:

See the documentation for details on the Access Control syntax used by the LDAP Server Implementation vendor.

Privilege#

In addition to the Access Control subsystem, some implementations (OpenDS is one we are aware of) also provide a Privilege Management Infrastructure that can be used to control what a user will be allowed to do. One of the privileges available is the "bypass-acl" privilege, which can be used to allow that DUA to bypass any restrictions that the Access Control subsystem would otherwise enforce.

WEB Access Management#

WEB Access Management products are Access Control products that are specific to WEB Access Control.

More Information#

There might be more information for this subject on one of the following:
[#1] Loosely adapted from http://en.wikipedia.org/wiki/Access_control - 2012-09-30

« This page (revision-56) was last changed on 09-Aug-2017 13:45 by jim