WEBVTT

1
00:00:00.000 --> 00:00:01.530
In this lesson,

2
00:00:01.530 --> 00:00:06.530
we will learn about role-based access control, or RBAC.

3
00:00:06.570 --> 00:00:10.440
Role-based access control manages user access

4
00:00:10.440 --> 00:00:14.040
by assigning permissions based on the user's role

5
00:00:14.040 --> 00:00:16.170
within an organization.

6
00:00:16.170 --> 00:00:18.180
Role-based access control

7
00:00:18.180 --> 00:00:22.440
is implemented by defining roles within an organization

8
00:00:22.440 --> 00:00:26.310
and associating specific permissions with each role.

9
00:00:26.310 --> 00:00:29.010
Users are then assigned to roles

10
00:00:29.010 --> 00:00:32.070
and their access rights are inherited from the role

11
00:00:32.070 --> 00:00:33.810
they are assigned to.

12
00:00:33.810 --> 00:00:37.380
Let's learn more about role-based access control.

13
00:00:37.380 --> 00:00:40.500
Role-based access control, or RBAC,

14
00:00:40.500 --> 00:00:44.850
allows administrators to assign users to specific roles,

15
00:00:44.850 --> 00:00:46.740
and those roles determine

16
00:00:46.740 --> 00:00:49.710
what resources the user can access.

17
00:00:49.710 --> 00:00:54.510
So, instead of giving individual permissions to each user,

18
00:00:54.510 --> 00:00:57.960
you create roles that represent job functions

19
00:00:57.960 --> 00:01:00.990
and assign permissions to those roles.

20
00:01:00.990 --> 00:01:03.660
Then users are added to the roles

21
00:01:03.660 --> 00:01:05.790
that match their responsibilities.

22
00:01:05.790 --> 00:01:09.810
This makes managing access simpler and more organized,

23
00:01:09.810 --> 00:01:13.080
especially in larger organizations.

24
00:01:13.080 --> 00:01:15.840
In a Windows enterprise environment,

25
00:01:15.840 --> 00:01:19.500
role-based access control is typically implemented

26
00:01:19.500 --> 00:01:22.170
using Active Directory groups.

27
00:01:22.170 --> 00:01:25.110
You first create groups in Active Directory

28
00:01:25.110 --> 00:01:28.110
that represent roles within the organization,

29
00:01:28.110 --> 00:01:33.110
such as HR for Human Resources, Finance, or IT support.

30
00:01:34.110 --> 00:01:37.500
Then you assign permissions to those groups

31
00:01:37.500 --> 00:01:40.080
based on the resources they need.

32
00:01:40.080 --> 00:01:42.930
For example, the HR group

33
00:01:42.930 --> 00:01:45.600
might have access to employee records,

34
00:01:45.600 --> 00:01:49.860
while the finance group has access to financial records.

35
00:01:49.860 --> 00:01:52.770
To implement role-based access control,

36
00:01:52.770 --> 00:01:55.050
you would then add each user

37
00:01:55.050 --> 00:01:57.750
to the group that matches their role.

38
00:01:57.750 --> 00:02:01.110
If someone changes roles or leaves the company,

39
00:02:01.110 --> 00:02:04.590
all you need to do is update their group membership

40
00:02:04.590 --> 00:02:07.890
and their access will automatically be adjusted.

41
00:02:07.890 --> 00:02:10.380
In a Linux enterprise environment,

42
00:02:10.380 --> 00:02:12.150
role-based access control

43
00:02:12.150 --> 00:02:15.870
can be implemented using Linux user groups.

44
00:02:15.870 --> 00:02:18.450
Just like in Windows, you create groups

45
00:02:18.450 --> 00:02:22.110
that represent roles within the organization.

46
00:02:22.110 --> 00:02:26.010
For example, you might create groups like Admins

47
00:02:26.010 --> 00:02:28.620
or Developers or Sales.

48
00:02:28.620 --> 00:02:31.740
Then you assign permissions to those groups

49
00:02:31.740 --> 00:02:36.420
for specific directories or files using Linux permissions.

50
00:02:36.420 --> 00:02:40.920
For instance, the Developers group might have write access

51
00:02:40.920 --> 00:02:42.990
to the source code directories,

52
00:02:42.990 --> 00:02:47.880
while the sales group has only read access to sales reports.

53
00:02:47.880 --> 00:02:51.060
You would then add users to the appropriate groups

54
00:02:51.060 --> 00:02:53.970
to give them the permissions that they need.

55
00:02:53.970 --> 00:02:56.940
This way, when a user joins the company

56
00:02:56.940 --> 00:02:58.680
or moves to a new role,

57
00:02:58.680 --> 00:03:01.770
you can simply modify their group memberships

58
00:03:01.770 --> 00:03:03.990
to update their access.

59
00:03:03.990 --> 00:03:05.850
So remember,

60
00:03:05.850 --> 00:03:09.030
role-based access control, or RBAC,

61
00:03:09.030 --> 00:03:12.420
manages access by assigning users to roles

62
00:03:12.420 --> 00:03:16.170
that define their permissions within an organization.

63
00:03:16.170 --> 00:03:20.190
Administrators create roles based on job functions

64
00:03:20.190 --> 00:03:24.000
and link them to specific permissions for resources.

65
00:03:24.000 --> 00:03:26.670
Users are then assigned to these roles,

66
00:03:26.670 --> 00:03:31.650
which simplifies access management and ensures consistency.

67
00:03:31.650 --> 00:03:33.720
This approach makes it easier

68
00:03:33.720 --> 00:03:36.780
to update permissions as roles change,

69
00:03:36.780 --> 00:03:40.083
especially in larger organizations.

