In some operating systems, such as UNIX or UNIX-like systems, access control mechanisms are used to control who may perform privileged functions, jobs or tasks. In a UNIX or UNIX-like operating system, for example, system administration is typically performed through the root user account. The system administrators responsible for the system either share and manage the root password among themselves, or use access control tools that grant access to the desired jobs, services or objects once the user has authenticated. Such tools may be used to grant or revoke access rights for an individual user or for a group of users. Sharing the root password, however, gives every administrator unrestricted access to the whole system and leaves no record of which administrator performed a given action, which is why finer-grained control over privileged operations is desirable.
To achieve a higher degree of data security and integrity in a computer system, a role-based access control (RBAC) method and system may instead be used to execute privileged tasks. The RBAC approach has three main elements: authorizations, roles and privileges. An authorization is analogous to an access right: it is the mechanism by which the right to perform certain actions on the computer system is granted, so that different users can be given different levels of functionality. A role is a named set of management functions, that is, the definition of a job at the lowest level of granularity used in the enterprise or organization; multiple authorizations are assigned to a role so that users holding that role can perform the requisite management functions. Privileges are the part of the RBAC infrastructure that provides fine-grained control over system functions. A user acquires privileges through the authorizations granted to the user's role, so regular users gain access to a given system function only when they hold the relevant privilege. Privileges are typically represented as bit masks and are checked in kernel space, which gives each privileged function its own security control.

Roles resemble regular user identities except that a role is authorized to perform certain privileged tasks. A regular user who has been assigned a role can perform root-level functions, limited to the privileges that role carries, by acquiring or switching into that role. For example, one role might manage file systems while another permits the creation of user accounts. Under RBAC the system administrator only has to grant or revoke authorizations on a role and group the users of the computer system under the appropriate roles, rather than manage rights for each user individually.
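The three-element model described above, as an added example that is not part of the original text: a small Python model in which authorizations are granted to roles, users are assigned roles, and a role's privileges become effective only once the user switches into it. The privilege bit names, the dotted authorization names, the role and user names, and the hierarchical prefix matching (an authorization covers every authorization beneath it) are assumptions made for this example, not the names or semantics of any particular operating system.

```python
from enum import IntFlag


class Priv(IntFlag):
    """Kernel privilege bits (hypothetical names; the real bit layout is OS-specific)."""
    NONE = 0
    FS_MOUNT = 1 << 0
    FS_CONFIG = 1 << 1
    USER_CREATE = 1 << 2
    USER_REMOVE = 1 << 3


# Authorization name -> privilege mask. The dotted names are constructed for
# this example; an authorization is assumed to cover everything below it.
AUTH_TO_PRIVS = {
    "fs.manage.mount": Priv.FS_MOUNT,
    "fs.manage.config": Priv.FS_CONFIG,
    "security.user.create": Priv.USER_CREATE,
    "security.user.remove": Priv.USER_REMOVE,
}


def auth_covers(granted: str, requested: str) -> bool:
    """True if `granted` equals `requested` or is an ancestor of it in the dotted tree."""
    return requested == granted or requested.startswith(granted + ".")


class Rbac:
    def __init__(self) -> None:
        self.role_auths: dict[str, set[str]] = {}   # role -> authorizations granted
        self.user_roles: dict[str, set[str]] = {}   # user -> roles assigned
        self.active: dict[str, set[str]] = {}       # user -> roles switched into

    # --- administration: the only operations the administrator performs ---
    def grant(self, role: str, auth: str) -> None:
        self.role_auths.setdefault(role, set()).add(auth)

    def revoke(self, role: str, auth: str) -> None:
        self.role_auths.get(role, set()).discard(auth)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_auths:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    # --- session: a user must switch into an assigned role before it is effective ---
    def activate(self, user: str, role: str) -> None:
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{user} is not assigned role {role!r}")
        self.active.setdefault(user, set()).add(role)

    def deactivate(self, user: str, role: str) -> None:
        self.active.get(user, set()).discard(role)

    # --- queries ---
    def active_auths(self, user: str) -> set[str]:
        auths: set[str] = set()
        for role in self.active.get(user, set()):
            auths |= self.role_auths.get(role, set())
        return auths

    def authorized(self, user: str, auth: str) -> bool:
        """User-space check: does an active role carry this (or an ancestor) authorization?"""
        return any(auth_covers(g, auth) for g in self.active_auths(user))

    def effective_privs(self, user: str) -> Priv:
        """Privilege mask the kernel would attach to the user's process right now."""
        mask = Priv.NONE
        for auth, priv in AUTH_TO_PRIVS.items():
            if self.authorized(user, auth):
                mask |= priv
        return mask

    def kernel_check(self, user: str, required: Priv) -> bool:
        """Kernel-space check: every required bit must be present in the effective mask."""
        return (self.effective_privs(user) & required) == required


def demo() -> Rbac:
    """Constructed scenario: a file-system role and a user-management role."""
    r = Rbac()
    r.grant("FSAdmin", "fs.manage")              # ancestor: covers mount and config
    r.grant("UserAdmin", "security.user.create")
    r.grant("UserAdmin", "security.user.remove")
    r.assign("alice", "FSAdmin")
    r.assign("bob", "UserAdmin")
    r.activate("alice", "FSAdmin")
    r.activate("bob", "UserAdmin")
    return r


if __name__ == "__main__":
    r = demo()
    print("alice:", r.effective_privs("alice"))     # FS_MOUNT|FS_CONFIG
    r.revoke("FSAdmin", "fs.manage")                # administrator narrows the role
    r.grant("FSAdmin", "fs.manage.mount")
    print("alice:", r.effective_privs("alice"))     # FS_MOUNT only
```

`authorized` models the user-space tools that consult the role database, while `kernel_check` models the bit-mask test performed in the kernel for a specific privileged function. Note that a revocation on the role takes effect at the next check for every user holding that role, without the administrator touching individual user accounts, and that an assigned but inactive role confers nothing, which is the property that lets an administrator log in as an ordinary user and only switch into a privileged role when needed.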