Fri, Oct 30, 2009 10:59 EDT
Posted by: Brian_Ekkebus in Best Practices Topic: Virtualization
Let’s go back to our RBAC house that we discussed a couple entries ago in “Couches or Concrete”. The tradesmen have shown up ready to work. The supplies are on-site. It’s a beautiful day for work. They ask “What do we do?” Build a house, of course. Do they just start working? Not hardly. They will want to see the blueprints.
Somewhere along the line, an architect has developed a set of blueprints that outline the specific requirements for building the house according to the wishes of the owners.
Let’s apply that analogy to our RBAC project…
- The Owners of the house – these are your business partners
- The Owners’ wishes – these are your high-level business requirements
- The blueprints – these are the detailed business requirements and the design documents
- The Architect – this is a combination of your Business Analysts (for the business requirements) and your developers (for the design documents)
Of course, the architect must follow some general rules when developing the blueprints. This means there’s one more entry in our RBAC house analogy:
- The building codes – these are published in a document or set of documents called the Role Management Model.
The Role Management Model is a document that outlines the overall boundaries and minimum requirements for your RBAC implementation. These boundaries and requirements are affected by such concepts as company policies, risk appetite, industry requirements, regulations, and management style. The documented Role Management Model provides guidance and, in some cases, specific details on how the RBAC technical solution and supporting processes must function. As a result, the specific details in the Role Management Model will be different for each company. However, the basic outline can be very similar.
Let’s take a look at the topic categories covered by the Role Management Model:
- Basic Role Characteristics
- Role Management Life Cycle
- Role Mining
- Role Ownership
- Role Membership Life Cycle
- Role-to-Identity Assignment
- RBAC Technical Integration
- Process & Governance
For each of these categories in the Role Management Model, there are a number of topic items that will describe the functional needs of the RBAC implementation. In its entirety, this document will serve as the primary reference for all things RBAC as the detailed requirements are developed.
Since it’s difficult to decide and record everything related to RBAC in a single writing, the Role Management Model document will evolve over time. New ideas will arise and decisions will be made along a timeline rather than all at once. That said, while it can certainly be a living document, the basic concepts and decisions recorded in the Role Management Model will ground the project and serve as a reference throughout and after the implementation.
Whether you call it the RBAC Bible, the RBAC Manifesto or some other favorite term, the Role Management Model will serve your needs well.
In future blog entries, we’ll discuss more about the contents of the Role Management Model as well as how to get agreement among your business partners on its contents.