Data Access Services allows for the consumption of data, ensuring the right policies as determined by Data Access Governance (DAG) is implemented. DAG determines, manages and monitors who has access to which data and how that data is classified, as well as provide an audit trail of access and permission activities.
Two possible approaches are attribute-based and role-based access control.
* Attribute-based access control (ABAC) is a logical access control methodology where authorization to access data is determined by evaluating attributes (metadata) associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.
* Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions needed to access data.
Enforcement can take place within identity and access infrastructure or through dedicated Policy Enforcement/Control Points.
|
|
UUID | 61163dbd-4293-4d07-89ab-e91b38473077 |
stereotype | Taxonomy Element |
C3T UUID | 61163dbd-4293-4d07-89ab-e91b38473077 |
C3T URL | https://tide.act.nato.int/mediawiki/taxonomy/index.php/CR-1142 |
C3T Version | Generated from the Taxonony Wiki on 8 December 2022 |
C3T Date | 8 December 2022 |
Creator | HQ SACT |
Publisher | HQ SACT |
Classification | Unmarked |
Policy Identifier | Public |