Limiting access to information and information processing services according to the criterion of 'need to access', i.e. to the actual and legitimate operational needs of each individual is crucial to avoid data loss or theft: limiting access to information internally will also help reduce the possibility of a hacker finding access points to information. Therefore, it becomes necessary to understand and define what the roles in the company are and give access to information on a need-to-know basis. In addition, information security responsibilities must be defined and assigned.Conflicting tasks and areas of responsibility must be separated to reduce the possibility of misuse, unauthorised or unintentional modification of the organisation's assets.
Attribute-based access control is an authorisation system that defines access based on attributes associated with security entities, resources and the environment.
The use of role assignment conditions offers three main advantages:
Providing more granular access control: a role assignment uses a role definition with actions and data to grant a security entity permissions. Conditions can be written to filter these authorisations for more granular access control. You can also add conditions to specific actions.
Use attributes with specific business meaning: conditions allow attributes with specific business meaning to be used in access control.