1.
An alternative to the Role-Based Access Controls is the development of an own solution for access control for the organization. However, it will be difficult to take into account the aspects of authentication, authorization, and audit function and therefore end up with solutions that do not meet all requirements and are also difficult to maintain.
At the other extreme are the business platforms for identity and access management. The leaders in these category suppliers are IBM, CA, Oracle, and Sun. These proprietary platforms provide power and flexibility, but at the cost of complexity and in most cases require additional services of capacitation.
As a midpoint between the solutions developed internally, and proprietary enterprise platforms, there are business tools aimed at securing individual applications, easily and non-intrusively. Among the most notable options in this segment is Visual Guard, the French company Novalys. This tool provides an excellent balance between the power of their capabilities, and ease of implementation. The limitation is that is only available for NET and PowerBuilder platforms (Rouse, 2016). It is possible to find other applications in the market, but they don’t guarantee the minimum security requirements for the organization.
2.
■ Authentication advantage: The system can validate the identity of a user. It is typically done through usernames and password. The configuration of the username and password depends on the system administrator.
■ Authorization advantage. The system defines the range of applications and permissions that a specific user can use and have access. The Role Based Access Control relates a specific user with the authorized applications
■ Audit advantage. The system can record and track all the transactions-sensitive applications. The audit lets the analyst know who did what, when he did, and who gave the necessary permissions to that user.
Reference List
Rouse, M. (2016). role-based access control (RBAC). Retrieved from Tech Target Search Security: http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC