Home > Archive > 2014 > Volume 4 Number 6 (Dec. 2014) >
IJIET 2014 Vol.4(6): 468-472 ISSN: 2010-3689
DOI: 10.7763/IJIET.2014.V4.452

An Access Control List for Role-Based System: An Observation and Recommendation

Sharipah Setapa and Tengku Puteri Suhilah

Abstract—Access control list have been implemented in many area. This concept of rules can be used to manage user authorization in the large organization. It can be designed based on standard Role Based Access Control List (RBAC) or equivalent. Role access control list should be surrounding by module such as identification, authentication, authorization and auditing which can make the system effective. Role mining will help to define each task correctly in order to avoid conflict when the system establish. Once the identification is been provided system will authenticate based on active directory or through protected database based on hardware of software. A strong authentication and encrypted will increase user confident to access and employ role based system. The database can be located in the same system or it can be in different location. The structure of access control list and the relation with database will define the efficiency and performance of the system. Once the system is working an audit trail will be provided to check all processing and action. A good policy will defined the correct access to specific task. The management of role and policies will assist the access control list to perform as been intended to reduce potential risks and vulnerabilities by embed in the network or through VPN workflow. In this paper architecture, design and policy will be further discussed through the observation and recommendation to increase the maturity of access control in the organization.

Index Terms—Access control list, flexibility, role, security, embedded.

Sharipah Setapa is with MIMOS, Malaysia (e-mail: sharipah@mimos.my).


Cite: Sharipah Setapa and Tengku Puteri Suhilah, "An Access Control List for Role-Based System: An Observation and Recommendation," International Journal of Information and Education Technology vol. 4, no. 6, pp. 468-472, 2014.

General Information

  • ISSN: 2010-3689 (Online)
  • Abbreviated Title: Int. J. Inf. Educ. Technol.
  • Frequency: Monthly
  • DOI: 10.18178/IJIET
  • Editor-in-Chief: Prof. Dr. Steve Thatcher
  • Executive Editor: Ms. Nancy Y. Liu
  • Abstracting/ Indexing: Scopus (CiteScore 2022: 2.0), INSPEC (IET), UGC-CARE List (India), CNKI, EBSCO, Google Scholar
  • E-mail: ijiet@ejournal.net


Article Metrics in Dimensions