Access control refers to a set of controls employed in a computing environment to enable the selective restriction and regulation of access to certain resources. In retrospect, it is a collection of mechanisms that gift managers in a given system to practice a restraining influence on the use, content and behaviour of a given system (Bertino, Ghinita & Kamra, 2011). The three examples of the main models of access control include:
• Discretionary Access Control Model (DAC)
• Mandatory Access Control Model (MAC)
• Role Based Access Control Model (RBAC)
Every model is unique in its function such as the RBAC. Also known as the Non-Discretionary Access Control Model, the model employs the use of a centrally issued group of controls in the determination of how interactions are conducted between subjects and objects. The model delves to gift the room for the access to resources to be centred on a user’s role within an enterprise. It is imperative to highlight that the model is considered as the most effective for any enterprise that experiences a high turnover and is referred to as nondiscretionary due to the idea that attaching a user to certain roles is regarded as to be unavoidably imposed.
The demand for an effective Identity and Access Management system (IAM) has grown to become a significant part of organizational IT. This is due to the challenges the system can help overcome that include:
• The increase in complexities of handling user’s identities brought about by an increase in distributed applications.
• Problems of passwords
• Productive provisioning
• Employees bringing own device to work to access enterprise network
References
Bertino, E., Ghinita, G., & Kamra, A. (2011). Access control for databases: Concepts and systems. Hanover, MA: Now Publishers Inc.
Sharman, R., Smith, S. D., & Gupta, M. (2012). Digital identity and access management: Technologies and frameworks. Hershey, PA: Information Science Reference.
