
Purpose-based access control: Putting data access requests into context
2022-10-10 05:00

Role-based access control (RBAC) is a simple, understandable approach to making data access permit/deny decisions.

Their contract negotiation teams often needed access to prepare quotes for new business, and accounts receivable needed access for accurate billing based on performance-related contract terms.

A more modern approach to data security, called purpose-based access control (PBAC), aims to overcome the limitations of RBAC. PBAC evaluates each data access request in the context of the purpose of the request.

A financial aid officer at a university can access academic records to verify eligibility for financial assistance, but access can be denied to a doctor who is not on a patient's care team.

An in-the-moment awareness of all three factors enables robust access control without blocking valid and necessary access to information.

Without understanding the nature and context of the accessed data, it's impossible to apply PBAC to access requests.
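The sketch below is an added example, not code from the original article. It contrasts a role-only decision with a purpose-aware one for the financial aid officer and doctor cases above. The attribute names, purposes, policy table and care-team data are assumptions constructed for illustration; data with no classification or an unlisted purpose is denied by default.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    purpose: str        # declared reason for the access
    data_category: str  # classification of the requested record
    subject: str        # person the record is about

# RBAC baseline: a role alone unlocks a whole data category.
ROLE_GRANTS = {
    "financial_aid_officer": {"academic_record"},
    "doctor": {"medical_record"},
}

# Constructed PBAC policy:
# (data category, purpose) -> (allowed roles, relationship to subject required?)
PURPOSE_POLICY = {
    ("academic_record", "financial_aid_eligibility"): ({"financial_aid_officer"}, False),
    ("medical_record", "treatment"): ({"doctor"}, True),
}

# Constructed relationship data: care team members per patient.
CARE_TEAMS = {"patient-17": {"dr_lee"}}

def rbac_decide(req: Request) -> bool:
    return req.data_category in ROLE_GRANTS.get(req.role, set())

def pbac_decide(req: Request) -> tuple[bool, str]:
    rule = PURPOSE_POLICY.get((req.data_category, req.purpose))
    if rule is None:
        # Unclassified data or an unlisted purpose cannot be evaluated: deny.
        return False, "no rule for this data category and purpose"
    roles, needs_relationship = rule
    if req.role not in roles:
        return False, "role may not act for this purpose"
    if needs_relationship and req.user not in CARE_TEAMS.get(req.subject, set()):
        return False, "requester is not on the subject's care team"
    return True, "permit"

# Constructed sample requests.
OFFICER = Request("a_ng", "financial_aid_officer", "financial_aid_eligibility", "academic_record", "student-4")
ON_TEAM = Request("dr_lee", "doctor", "treatment", "medical_record", "patient-17")
OFF_TEAM = Request("dr_park", "doctor", "treatment", "medical_record", "patient-17")

if __name__ == "__main__":
    for r in (OFFICER, ON_TEAM, OFF_TEAM):
        print(r.user, "RBAC:", rbac_decide(r), "PBAC:", pbac_decide(r))
```

The role-only check permits `dr_park` because the role matches, while the purpose-aware check denies the same request on the care-team condition.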


News URL

https://www.helpnetsecurity.com/2022/10/10/purpose-based-access-control/