Access Entitlement: A Graph Based RBAC Implementation

Updated: Apr 21, 2020

Contributors: Seyed Hossein Ahmadinejad, Hadi Ahmadi, Derek Small

Abstract

Granting or denying access to protected resources and assets is of increasing concern for organizations. The implementation of business continuance plans as a result of shelter-in-place or work-from-home pandemic orders is elevating the importance of access management systems. Securing who has access to protected resources can be achieved by defining fine-grained entitlements for those resources and then granting the entitlements to the people, processes or things that need access.

Building and maintaining an access entitlement system is onerous in large organizations, where there are many protected resources and many users requesting access to them. Role Based Access Control (RBAC) has been proposed to address the challenge of aggregating fine-grained entitlements into coarse-grained roles using graph algorithms.

 

Grouping or aggregating entitlements to define roles has remained an open problem. Nulli recently delivered a solution that harnessed the power of the Neo4j™ graph database to facilitate the use of RBAC. Role engineering using a graph database like Neo4j provided Nulli with a successful outcome to the challenge of efficiently aggregating entitlements into roles. The Nulli team approached the problem from a perspective that focused on the relationships between users, protected resources, and entitlements. Relationships are critical to the successful definition of aggregated roles, and graph databases excel at surfacing and mapping relationships.

Recent advances in graph storage solutions, and in particular Neo4j, have allowed us to propose the idea of designing and implementing role engineering methods against RBAC states modelled in a graph. The white paper attached to this post provides a succinct explanation of the implemented approach.

 

Give our paper a read and let us know if we can provide you with more information on how to utilize the power of graphs in a well-structured RBAC system for secure access management.
