Policy enforcements in business or financial applications require role based security. In a company, each employee or a user has certain specified roles. In a company, vice president, supervisors, clerks and other employees have their specified roles and each have their own limit. Here Role based security comes in handy to allow access to information based on the roles and approvals. This form of role based security is highly useful when an application requires approval from multiple locations to complete a task. Role based security is highly used in retail stores and chain of stores. These store chains require completing a task from multiple locations from a centralized place.
Role Based Security Standards
Rick Kuhn and David Ferraiolo formalized role based security in the year 1992. Role based security is also referred as role based access control. Role based security model is adopted world wide as it reduces costs. Based on this model, leading software giants like IBM, Siemens, Sybase etc started developing role based security products. RBAC standard was established in the year 2000 and from 2004 software complying with this standard came in to existence. RBAC standard was accepted by ANSI in July 2004. RBAC is currently being used in companies with more than 500 people. Security administration is prone to error and can become costly for retailers and enterprises. RBAC standard ensures that no errors occur in allocating roles to the users by allocating roles to user based on the organization structure of the company. In this RBAC standard based software, proper roles are assigned to the employees according to their jobs.
.NET Framework role based security
This form of role based security consists of principal and an associated identity. The information about the principal can be accessed only by providing the associated identity. The identities can be based on a windows account or it can be a custom identity. This identity is also referred as the role membership. This security framework provides principal permission objects to perform authorization to the principal. This forms the primary way of security checks in the .NET frameworks. The role based security is extensible and flexible to meet the application needs. This role based security is best suitable for ASP.NET applications that are processed primarily in the server. Inter operation with authenticated infrastructures is also possible with this security system. This role based security software can be used in both the server and the client.
Benefits of Role based security
- Manage and set up both windows principals and identities
- Implementing permission objects
- Security checks based on roles
- Inter operation with .NET framework and COM + 1.0
- Adoption of key security concepts using .NET security
- Availability of .NET framework security tools
- Ease of access to more than 500 users
- Effective on enterprises with multiple locations
- Reduces the costs on IT infrastructure
- Reduces errors in assigning roles and role duplication
- Effective in managing multiple applications from a centralized place