Difference Between Rule and Role Based Access Control
By Stephen Bucaro
Access control is the method used to block or allow access to a network
or network resources. Two types of access control are rule-based and
role-based. These methods are used by firewalls, proxy servers, and
routers. The difference between rule-based and role-based access control
is described below.
Rule-Based Access Control (RuBAC)
With rule-based access control, when a request is made for access to a
network or network resource, the controlling device, e.g. firewall, checks
properties of the request against a set of rules. A rule might be to block
an IP address, or a range of IP addresses. A rule might be to allow access
to an IP address but block that IP address from use of a specific port,
for example port 21 commonly used for FTP, or port 23 commonly used for
Telnet. A rule might be to block a specific IP address, or block all IP
addresses from accessing certain applications on the network, such as email
or video steaming.
Role-Based Access Control (RoBAC)
With role-based access control, when a request is made for access to a
network or network resource, the controlling device allows or blocks access
to a network or network resource based on that user's role in the
organization. For example, an individual with the engineer role in an
organization might be allowed access to the specifications of parts
used in the company's product, but blocked access to employee records.
An individual with the supervisor role might be allowed access to employee
records, but blocked access to engineering documents and specifications.
Rule and Role Based Acronyms
In this article I used the acronym RuBAC for rule-based access control
and the acronym RoBAC for role-based access control, however in
many references the acronym RBAC is used for rule-based access control,
or RBAC is used for is used for both access control methods.
More Network Security Articles:
• How Snort's Stealth TCP Port Scanning Works
• Types of DoS (Denial of Service) Attacks
• Understanding the Different Classes of Firewalls
• Network Security
• Digital Signatures and Certificates
• What is Penetration Testing?
• Network Security Across the Enterprise
• Design a Network Security Policy
• What's the Difference Between Sniffing, Snooping, and Spoofing?
• What is Network AAA (Authentication, Authorization, and Accounting)?