Method of access control in which the rights granted to a user depend on the
role (or roles) to which the user is assigned.
Access control based on user
roles (i.e., a collection of access authorizations a user receives based on an
explicit or implicit assumption of a given role). Role permissions may be
inherited through a role hierarchy and typically reflect the permissions needed
to perform defined functions within an organization. A given role may apply to
a single individual or to several individuals. [NIST-SP800-53:2013]
Access control based on user
roles (i.e., a collection of access authorizations a user receives based on an
explicit or implicit assumption of a given role). Role permissions may be
inherited through a role hierarchy and typically reflect the permissions needed
to perform defined functions within an organization. A given role may apply to
a single individual or to several individuals. [CNSSI_4009:2010]
(I) A form of identity-based
access control wherein the system entities that are identified and controlled
are functional positions in an organization or process. [Sand] (See:
authorization, constraint, identity, principal, role.) [RFC4949:2007]
Acronym for “role-based
access control.” Control used to restrict access by specific authorized users
based on their job responsibilities.
https://www.pcisecuritystandards.org/security_standards/glossary.php
method of access control
management whereby the level of clearance and permission is primarily
determined by the job or role that the individual fulfills in the organization.
Role based access control
assigns users to roles based on their organizational functions and determines
authorization based on those roles.
http://www.sans.org/security-resources/glossary-of-terms/