The majority of organizations face a major problem in controlling access to confidential information. Data that is sensitive may be tightly linked to customer trust. This makes it even more important to protect against misuse. Information that can identify an individual needs to be governed by a series of policies that prevent identity theft, compromising of systems or accounts and other serious consequences. To reduce the risk of these issues access to sensitive information should be controlled with precise role-based authorization.
There are many different models that allow access to sensitive information. The most basic model, a discretionary access control (DAC) allows an administrator or owner to choose who can view files and what actions they may perform. This is the default for most Windows, macOS, and UNIX file systems.
Role-based access control is a more robust and secure method. This model is a way to align privileges with a person’s specific job requirements. It also implements important security principles, including an orderly separation of privileges, and the principle of minimal privilege.
Fine-grained access control goes far beyond RBAC by allowing administrators to assign permissions in accordance with an individual’s identity. It makes use of a combination that includes something you recognize, such as an account number, password or device that generates browse around here codes as well as something you own like keys, access cards, or devices with code-generating capabilities and something you’re like, such as your fingerprint, iris scan or voice print. This allows for greater control and eliminates the majority of authorization problems, such as insecure access to former employees or access to sensitive data through third-party apps.