Access control is the process by which a user is granted access to a system or to information. It comprises identification, authorization, authentication and audit. In access control, a subject (the user) tries to gain access to an object (software) listed on the ACL (access control list). An ACL is a list of access controls containing the permissions and the data for which each user has been granted those permissions. Permitted data can be accessed only by the users who have been granted access to it, and that access is governed by access control. Administrators may therefore be required to secure the information and to define which information can be accessed and when it is accessible. Here we discuss access control in terms of its principles, models and technology.
Access control has several principles:
Principle of least privilege
If no access has been specifically configured for the user, for example for the individual, the user's group or the user's location, the user should not be able to access that information.
Separation of Duties
Separate the areas of access to reduce unauthorized modification of an organization's assets or information.
Need to Know
This principle is based on giving each user access only to the information they need to perform their task.
Access control based on model:
Discretionary Access Control
An access control model in which access is set according to the owner's wishes and placed on an ACL (access control list). With this model, access is configured and granted based on the user's needs.
Mandatory Access Control
This model is highly structured and rigorous. Users are granted access permissions by classifying the subject (secret, top secret, confidential, etc.), and this classification also applies to objects.
Role Based Access Control (RBAC)
Access control is based on the user's tasks and relies on administrator control over the interaction between subject and object.
Ruleset Based Access Control (RSBAC)
Access control is specific to the object that the user is trying to access.
Represents the list of users granted permission to access the object.
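The following is an added example, not part of the original article, that evaluates one request under the discretionary, mandatory and role-based models described above, each denying by default when nothing is configured. The user, role and file names are hypothetical sample data, and the mandatory check assumes the ordering confidential < secret < top secret with the common read rule that the subject's clearance must be at least the object's classification.

```python
# Constructed sample data; every name below is hypothetical.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}  # assumed ordering

# DAC: the owner of each object decides who appears on its ACL.
ACL = {"payroll.xlsx": {"owner": "alice",
                        "entries": {"alice": {"read", "write"}, "bob": {"read"}}}}

# MAC: labels are assigned to subjects and objects, not chosen by owners.
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"payroll.xlsx": "secret"}

# RBAC: permissions belong to roles (tasks); users only hold roles.
ROLE_PERMS = {"hr_clerk": {("payroll.xlsx", "read")},
              "hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")}}
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"hr_clerk"}}


def dac_allows(user, obj, action):
    """Allow only if the object's ACL lists this user with this permission."""
    entries = ACL.get(obj, {}).get("entries", {})
    return action in entries.get(user, set())  # no entry configured -> deny


def dac_grant(owner, obj, user, action):
    """Only the object's owner may extend its ACL (owner's discretion)."""
    if ACL.get(obj, {}).get("owner") != owner:
        return False
    ACL[obj]["entries"].setdefault(user, set()).add(action)
    return True


def mac_allows_read(user, obj):
    """Assumed read rule: subject clearance must be >= object classification."""
    subject = LEVELS.get(CLEARANCE.get(user, ""), 0)
    target = LEVELS.get(CLASSIFICATION.get(obj, ""))
    return target is not None and subject >= target  # unlabeled object -> deny


def rbac_allows(user, obj, action):
    """Allow if any role held by the user carries the (object, action) pair."""
    roles = USER_ROLES.get(user, set())
    return any((obj, action) in ROLE_PERMS.get(r, set()) for r in roles)


def decide(user, obj, action):
    """Verdict of each model for one request, suitable for an audit record."""
    return {"dac": dac_allows(user, obj, action),
            "mac_read": mac_allows_read(user, obj),
            "rbac": rbac_allows(user, obj, action)}
```

In the sample data, bob is on the ACL with read permission and holds a role that permits reading, yet the mandatory check still denies him because his clearance is below the file's classification.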