Our Services: Access Control

Access control (sometimes referred to as authorization) determines the level of access a person has to an application once they've logged in to it. For example, some users may only be allowed to read the data in a system, while others may be able to write data or even edit other users' data.

We grant these different levels of access by placing each user identity into a group and then granting a certain level of access to each member of that group. We place users into groups by one of two methods: managed or ad-hoc.

Managed Access Control:

In this type of access control, a previously defined policy executes a workflow that automatically places users into groups. In this example, users go into one of three groups depending on the type of job they have: nurses, physicians, and volunteers. They will all be able to use the same computer application, but the group in which they have been placed determines what they can do within it. Perhaps nurses can only view patient records in the application while doctors can edit them. Volunteers might only be able to find out which patient is in which room.

Ad-Hoc Access Control:

In contrast, ad-hoc access control grants access to users on a case-by-case basis. There is no automated workflow and no policy involved. The system administrator manually adds users to the appropriate group. IDMT uses ad-hoc access control when the desired user population is too diverse—such as in the case of a special project team—to make automated methods of categorization practical.
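The two placement methods described above (managed and ad-hoc), as an added Python sketch that is not IDMT's own code. The group names come from the page; the permission names, the job-type attribute, the `project-team` group and the user names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical permission names for what each group may do in the application.
GROUP_PERMISSIONS = {
    "nurses": {"view_record"},
    "physicians": {"view_record", "edit_record"},
    "volunteers": {"find_room"},
    "project-team": {"view_record"},  # hypothetical ad-hoc group
}

# Managed policy: job type (an assumed directory attribute) -> group.
JOB_TYPE_POLICY = {"nurse": "nurses", "physician": "physicians",
                   "volunteer": "volunteers"}

@dataclass
class Directory:
    job_types: dict = field(default_factory=dict)  # user -> job type
    adhoc: dict = field(default_factory=dict)      # user -> {group: granting admin}

    def managed_groups(self, user):
        # Derived from the attribute on each call (a design choice in this
        # sketch), so a job change moves the user without manual work.
        group = JOB_TYPE_POLICY.get(self.job_types.get(user))
        return {group} if group else set()

    def grant_adhoc(self, admin, user, group):
        # Ad-hoc: an administrator adds the user by hand; record who did it.
        if group not in GROUP_PERMISSIONS:
            raise ValueError(f"unknown group: {group}")
        self.adhoc.setdefault(user, {})[group] = admin

    def groups(self, user):
        return self.managed_groups(user) | set(self.adhoc.get(user, {}))

    def is_allowed(self, user, permission):
        # Deny by default: a user in no group gets no access.
        return any(permission in GROUP_PERMISSIONS[g] for g in self.groups(user))

def demo():
    # Constructed sample users.
    d = Directory(job_types={"alice": "nurse", "carol": "volunteer"})
    d.grant_adhoc("sysadmin", "dave", "project-team")
    before = d.is_allowed("alice", "edit_record")
    d.job_types["alice"] = "physician"  # managed policy re-evaluates
    after = d.is_allowed("alice", "edit_record")
    return (before, after, d.is_allowed("dave", "view_record"),
            d.is_allowed("carol", "view_record"))
```

In this sketch a managed user's access follows the job-type attribute, while an ad-hoc grant stays in place until an administrator removes it.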

Last updated: 05/12/2006