Role Based Access Control Improves Building Security
27 July 2022
With many organisations having implemented hybrid working, there is an even greater need to control access to their buildings and to the areas within them that an individual can enter. Role based access control provides a way to achieve this and ensure that a building’s security is maintained at all times.
What is Role Based Access Control?
Role Based Access Control, or RBAC as it is sometimes called, provides a way to assign permissions to an individual. By using role-based access control, an organisation can manage and control which areas an individual can access. Classic examples where role-based access control may apply include:
- Visitors and contractors who are provided temporary access to specific building areas on any given day or at a given time
- IT areas which are restricted to IT staff for security reasons, preventing unauthorised access
- Facilities and systems within a building, to prevent unwanted intrusions and access to areas from which key building infrastructure systems are managed
- Scientific laboratories and clean room areas where research & development or work with hazardous substances takes place
- Factory assembly areas which can include sections requiring specific health & safety arrangements and training
- General office environments, reception areas and meeting rooms
- Specific departments handling sensitive data including finance and human resources
The Benefits of Role Based Access Control
Apart from improved security, RBAC makes it easier to implement organisational policies and procedures, including those related to employee welfare, health & safety and business continuity.
Assigning permissions to a credential and user provides clear data from which to audit security and access control in a building. As people move throughout a building, they build up an audit trail of where they have been granted entry or exit, and where they have been denied access. The audit trail provides the basis for reports such as ‘Who, When and Where’ available in access control systems such as EntroWatch. The information gathered can help to prevent potential intrusions and also provide critical data should a breach occur and require investigation and corrective actions.
Role based access control also allows individuals to be grouped into their roles, easing system administration. Individuals may be assigned to specific groups such as ‘office workers’ or ‘sub-contractors’. The permissions assigned to these groups are automatically assigned to the individuals in those groups. Roles become pre-defined, improving system efficiency and reducing the administrative burden placed by multiple users in large access control systems, where permission changes can be frequent.
Implementing Role Based Access Control
The most important thing to do when preparing to implement role-based access control is to prepare a complete list of all the roles, access levels, groups, users, credentials and multi-factor authentication requirements.
Having such a document, which is normally in a spreadsheet format, allows for auditing and also change control as the organisation adapts to changes, i.e. in building usage and population growth, system and security needs. The document provides a clear overview of the existing configuration but requires change control and regular updates to stay in step with changes in the actual access control system setup. For some access control systems, the document simply provides a way to configure a new system, which may itself include the necessary screens and formats for auditing, monitoring and control.
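One way to keep the planning document and the live system in step is to reconcile them periodically. The following is an added example, not taken from any access control product: the CSV column names, roles, areas and users are all constructed for illustration, and the export format is an assumption.

```python
import csv
import io

# Constructed sample data: the planning spreadsheet (two sheets) and a system export.
ROLE_AREAS_CSV = """role,area
office_worker,reception
office_worker,general_office
it_staff,general_office
it_staff,it_room
sub_contractor,reception
sub_contractor,plant_room
"""
USER_ROLES_CSV = """user,role
alice,office_worker
bob,it_staff
carol,sub_contractor
"""
LIVE_EXPORT_CSV = """user,area
alice,reception
alice,general_office
alice,it_room
bob,general_office
carol,reception
carol,plant_room
dave,reception
"""

def pairs(text, key, value):
    """Parse a two-column CSV into {key: set(values)}."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        out.setdefault(row[key].strip(), set()).add(row[value].strip())
    return out

def find_drift(role_areas_csv, user_roles_csv, live_csv):
    """Return {user: {'excess': [...], 'missing': [...]}} where live access differs."""
    role_areas = pairs(role_areas_csv, "role", "area")
    user_roles = pairs(user_roles_csv, "user", "role")
    live = pairs(live_csv, "user", "area")
    drift = {}
    for user in sorted(set(user_roles) | set(live)):
        # Expected access is the union of the areas of every role the user holds.
        expected = set().union(*(role_areas.get(r, set()) for r in user_roles.get(user, ())))
        actual = live.get(user, set())
        excess, missing = actual - expected, expected - actual
        if excess or missing:
            drift[user] = {"excess": sorted(excess), "missing": sorted(missing)}
    return drift
```

Excess entries are access granted in the system but not justified by any documented role, including users with no documented role at all; missing entries are documented permissions that were never configured.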
There is no doubt as to the benefits of adopting role-based access control as a way to set up, monitor and control security in a building. Even with just a few users, RBAC provides a way to secure and protect both buildings and the people and assets within. Coupled with ‘Who, When and Where’ reporting, role-based access control provides a sound platform for the management and control of security in any building.