Article Preview
Top2. Access Control Mechanism (Acm)
The objectives of an access control system are often described in terms of protecting system resources against inappropriate or undesired user access. From a business perspective, this objective could just as well be described in terms of the optimal sharing of information. After all, the main objective of IT is to make information available to users and applications. A greater degree of sharing may get in the way of resource protection; in reality, a well-managed and effective access control system actually facilitates sharing. A sufficiently fine-grained access control mechanism can enable selective sharing of information where in its absence, sharing may be considered too risky altogether.
Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. A given information technology (IT) infrastructure can implement access control systems in many places and at different levels. Operating systems use access control to protect files and directories. Database management systems DBMS apply access control to regulate access to tables and views. Most commercially available application systems implement access control, often independent of the operating systems programming and DBMSs on which they are installed.
2.1 Attribute-Based Access Control (RWX)
The rights (RWX) and permissions are implemented differently in systems based on discretionary access control (DAC) and mandatory access control (MAC). In any ACM, the entities that can perform actions on the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects (Access Control Matrix: data collection). The subjects and objects should both be considered as software entities, rather than as human users: any human user can only have an effect on the system via the software entities that they control. The authorization involves the act of defining access-rights for subjects. The authorization policy specifies the operations that subjects are allowed to execute within a system. The most modern operating systems implement authorization policies as formal sets of permissions that are variations or extensions of three basic types of access: (RWX). Read (R): The subject can (R), Read file contents, List directory contents Write (W): The subject can change (update) the contents of a file or directory with the following tasks: Update (Add Update Delete Rename) Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix-style systems, the “execute” permission doubles as a traverse directory permission when granted for a directory.)