home | about us | support | contact us
Call Us 888-444-6897
Monday thru Friday - 9am to 6pm CST

See us on:

LinkedIn

Home » Features » Isis CMS - Role Based Access

Isis CMS - Authentication System

Isis CMS uses an authentication system called RBAC (sometimes known as role-based security).

It is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees and allows more flexibility and security than other methods.

RBACWithin an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions.

Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user; this simplifies common operations, such as adding a user, or changing a user's department.

Three primary rules are defined for RBAC:

1. Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role.

2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.

3. Transaction authorization: A subject can execute a transaction only if the transaction is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can execute only transactions for which they are authorized.

Additional constraints may be applied as well, and roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles.

RBAC


 

online marketing newsletter

Learn great actionable advice to kick your online marketing initiatives into overdrive! Best of all, you get advice from a 15 year online marketing veteran - FREE.