
Enterprise Data Architecture

Problem Statement:

The azad client recognized a need for more organization and security in their procedures for granting access to valuable information technology resources. The current best-practice method for managing access control is based on the assignment of Roles to Users. This process has resulted in a technique which the IT industry calls Role-Based Access Control or RBAC, and is formalized as an ANSI standard. In order to implement an effective RBAC system, an enterprise needs to build an RBAC Reference Model database. The RBAC database is then used by a computer access mechanism, such as Active Directory, to determine how access will be granted to computer system users and services.

azad Approach & Solution:

The azad client wanted to implement an RBAC reference model with the following characteristics:

  • Maintain information describing roles and their assignments to users.
  • Define role-based access mechanisms, such as privileges, resources and
    permissions on objects and operations.
  • Build an ANSI standard RBAC model that supports:
    o Core RBAC
    o Hierarchical RBAC
    o Static Separation of Duty Relations
    o Dynamic Separation of Duty Relations
  • Document the model using an ERwin data model.
  • Collect and store relevant data in a SQL Server database.
  • Provide Access forms for ease of maintenance and reporting.

To fulfill this assignment, the azad consultant researched the standards and requirements for ANSI RBAC using the text Role-Based Access Control by Ferraiolo, Kuhn and Chandramouli, Artech House Publishers (April 2003). This was followed by the development of a basic ERwin data model, which evolved into a SQL Server database containing over 100 tables. An application was created using Microsoft Access which displays a menu and forms to maintain all of the RBAC database tables and relationships. A basic set of queries and reports was also provided.
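As an added illustration (not the client's schema or azad's code), the sketch below shows how three of the ANSI components listed above, Core RBAC, Hierarchical RBAC and Static Separation of Duty, can be expressed as relational tables and enforced at assignment time. It uses an in-memory SQLite database from Python in place of SQL Server; all table, role and user names are constructed for the example, and Dynamic Separation of Duty is left out because it needs session tables.

```python
import sqlite3

# Constructed, minimal schema: UA, PA, role hierarchy and pairwise SSD sets.
SCHEMA = """
CREATE TABLE user_role (usr TEXT, role TEXT, PRIMARY KEY (usr, role)); -- UA
CREATE TABLE role_perm (role TEXT, op TEXT, obj TEXT);                 -- PA
CREATE TABLE role_inherit (senior TEXT, junior TEXT);                  -- RH
CREATE TABLE ssd_pair (role_a TEXT, role_b TEXT);                      -- SSD
"""

def juniors(db, role):
    """Return the role plus every role it inherits (senior -> junior)."""
    q = """WITH RECURSIVE r(role) AS (
             SELECT ? UNION
             SELECT junior FROM role_inherit JOIN r ON senior = r.role)
           SELECT role FROM r"""
    return {row[0] for row in db.execute(q, (role,))}

def authorized_roles(db, usr):
    """Assigned roles expanded through the hierarchy."""
    rows = db.execute("SELECT role FROM user_role WHERE usr = ?", (usr,)).fetchall()
    return set().union(*(juniors(db, r[0]) for r in rows))

def assign_role(db, usr, role):
    """Add a UA row unless the resulting authorized roles violate SSD."""
    after = authorized_roles(db, usr) | juniors(db, role)
    for a, b in db.execute("SELECT role_a, role_b FROM ssd_pair").fetchall():
        if a in after and b in after:
            raise PermissionError(f"SSD: {usr} cannot hold both {a} and {b}")
    db.execute("INSERT OR IGNORE INTO user_role VALUES (?, ?)", (usr, role))

def check_access(db, usr, op, obj):
    """True if any authorized role carries the (operation, object) permission."""
    roles = authorized_roles(db, usr)
    rows = db.execute("SELECT role FROM role_perm WHERE op = ? AND obj = ?", (op, obj))
    return any(r[0] in roles for r in rows.fetchall())

def demo_db():
    """Constructed sample data: supervisor inherits clerk; clerk and approver conflict."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO role_perm VALUES (?, ?, ?)", [
        ("clerk", "create", "invoice"), ("approver", "approve", "invoice")])
    db.execute("INSERT INTO role_inherit VALUES ('supervisor', 'clerk')")
    db.execute("INSERT INTO ssd_pair VALUES ('clerk', 'approver')")
    return db
```

Because the SSD check runs over authorized roles rather than directly assigned ones, a user holding `supervisor` is refused `approver` even though `clerk` was never assigned explicitly.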

Tangible Outcome:

The client has been able to use the model as a basis for several internal staffing reorganizations and for developing business processes and operating procedures.