SSCP: CBAC vs. VBAC
-
I was trying to categorize something I came across today. Across our enterprise we use an Aruba system to provide wireless. I can log into the Aruba system and create guest wireless accounts. I assumed I was logging into my local device in our closet, however, I was told that everyone logs into the same webpage to create guest wireless, but I could only see the guest wireless accounts I have created under my account. Is this a View-Based Access Control or a Content-Dependant Access Control?
-
James,
I'm not sure exactly where I would classify this. But technically, this is Content-Dependent Access Control.
Normally, when we're talking about the View-Based Access Control. Everyone can access the same files, just not the same information within the file. In your case, lets say that you can see everyone's files, but not just everything in the files. So you may be able to see all the names of people in the wireless database but you're not allowed to see, their department or other information.
When we're talking about Content-Dependent Access control, only certain people can access a particular record based on content of that record. For example, in your case, each user you create would be considered yours but not mine and I wouldn't have access it because the system checks to determine who it belongs to and it wouldn't belong to me, so I wouldn't get access to those records.
Mike or Don may want to correct me on this but I believe this is correct.
Cordially,
Ronnie Wong
Host, ITProTV -
I think that answers my question. It seemed like a close line but I placed it as CDAC. thanks.