1. Field of the Invention
The present invention is related generally to a data processing system and in particular to a method and apparatus for access control. More particularly, the present invention is directed to a computer implemented method, apparatus, and computer usable program code for dynamic determination of access control checks in a mixed role based access control (RBAC) and discretionary access control (DAC) environment.
2. Description of the Related Art
In a data processing system in which multiple different users access and execute operations, security and other access control measures may be necessary to prevent one or more users from accessing certain resources and/or executing certain operations. For example, an owner or creator of a file may wish to prevent other users from modifying the owner's file. Access controls are used to control which users have access to a file and what types of operations these users can perform on the file.
In traditional UNIX®, file execution and other operations can be controlled or restricted using discretionary access control (DAC) file mode bits. Discretionary access control permission is defined in accordance with the identity of the user or invoker of a command. A user or invoker may have an identity such as owner, member of a group, or other. Each file has read, write, and execute mode bits granting permission or authorization to perform read, write, or execute operations for a file owner, a group, and/or all others. These mode bits are known as discretionary access control mode. When a file is executed, this discretionary access control mode is checked against the invoker's credentials. If the invoker's credentials match the discretionary access control mode bits, then access is allowed. For example, the /usr/bin/ls command has permissions like, “-r-xr-xr-x bin bin /usr/bin/ls.” This means any user can execute this command. The /usr/sbin/slibclean command has permissions like, “-r-x------ root system /usr/sbin/slibclean,” so only a root user can execute this command.
Unlike discretionary access control, role based access control (RBAC) defines access to command execution based on what authorizations the user has been assigned rather than basing access on the user's identity. In role based access control, a role consists of a set of authorizations. A role is assigned to one or more users. Multiple roles may be assigned to a single user.
Each of the roles in a role-based access control system has certain privileges and authorizations assigned to it, which allow the users assigned to the role to execute certain privileged programs or processes, and/or access privileged data. The authorizations in the role determine the command access available for the user.
When a role based access control framework is used in conjunction with a discretionary access control mechanism, a policy is designed that allows role based access control enforcement to occur while still honoring discretionary access control when required. Current solutions address the discretionary access control and role based access control interactions as an “AND” policy in that the invoker must succeed or be authorized under both the discretionary access control and role based access control mechanisms in order to execute a given command. Thus, the invoker must be authorized under the discretionary access control mode bits and be assigned to a role authorized to execute the given command.
To satisfy this requirement, the discretionary access control mode bits for role based access control restricted commands typically are modified to allow everyone access. The role based access authorizations for the command then determine the invoker's authorization to execute the command. However, changing mode bits to grant everyone access presents a potential security threat if the role based authorization restrictions are ever removed from the file. In this case, a user may be able to execute a privileged command that they should not be able to execute.
Additionally, not all customers may desire to use role based access control in their working environment. Thus, modifying the mode bits presents issues when trying to support both discretionary access control and role based access control enabled modes of operation.
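The "AND" policy and the mode-bit exposure described above can be modeled in a few lines. This is an added example, not part of the original text: the users alice and bob and the authorization name example.slibclean are hypothetical, and the superuser override of DAC is not modeled. It shows why the original "-r-x------" bits block a role holder, and what happens once the bits are opened and the role based restriction is later removed.

```python
import stat
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    auths: frozenset               # union of authorizations from the user's roles

@dataclass(frozen=True)
class Command:
    owner: str
    group: str
    mode: int                      # DAC mode bits
    required_auth: Optional[str]   # None = no RBAC restriction on the file

def dac_allows_exec(u: User, c: Command) -> bool:
    # Only the first matching class (owner, group, other) is consulted.
    if u.name == c.owner:
        return bool(c.mode & stat.S_IXUSR)
    if c.group in u.groups:
        return bool(c.mode & stat.S_IXGRP)
    return bool(c.mode & stat.S_IXOTH)

def rbac_allows_exec(u: User, c: Command) -> bool:
    return c.required_auth is None or c.required_auth in u.auths

def and_policy(u: User, c: Command) -> bool:
    # The invoker must pass both mechanisms.
    return dac_allows_exec(u, c) and rbac_allows_exec(u, c)

AUTH = "example.slibclean"         # hypothetical authorization name
alice = User("alice", frozenset({"staff"}), frozenset({AUTH}))  # holds the role
bob = User("bob", frozenset({"staff"}), frozenset())            # holds no role

def scenarios() -> dict:
    # Each value is (alice may execute, bob may execute).
    cases = {
        "original bits + RBAC": Command("root", "system", 0o500, AUTH),
        "opened bits + RBAC": Command("root", "system", 0o555, AUTH),
        "opened bits, RBAC removed": Command("root", "system", 0o555, None),
    }
    return {k: (and_policy(alice, c), and_policy(bob, c)) for k, c in cases.items()}

if __name__ == "__main__":
    for name, (a, b) in scenarios().items():
        print(f"{name:28} alice={a} bob={b}")
```

The last row is the case to audit for: a command whose mode bits grant execute to all others while no authorization is attached to it.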