Abstract—Access control lists have been implemented in many
areas. This concept of rules can be used to manage user
authorization in a large organization. It can be designed based
on the standard Role Based Access Control List (RBAC) or an
equivalent. A role access control list should be surrounded by
modules such as identification, authentication, authorization and
auditing, which can make the system effective. Role mining will
help to define each task correctly in order to avoid conflicts when
the system is established. Once identification has been provided,
the system will authenticate based on active directory or through
a protected database based on hardware or software. Strong
authentication and encryption will increase users' confidence in
accessing and employing a role-based system. The database can be
located in the same system or in a different location. The
structure of the access control list and its relation with the database
will define the efficiency and performance of the system. Once
the system is working, an audit trail will be provided to check all
processing and actions. A good policy will define the correct
access to a specific task. The management of roles and policies
will help the access control list perform as intended to
reduce potential risks and vulnerabilities by being embedded in the
network or through a VPN workflow. In this paper, architecture,
design and policy are discussed further through
observations and recommendations to increase the maturity of
access control in the organization.
Index Terms—Access control list, flexibility, role, security,
embedded.
Sharipah Setapa is with MIMOS, Malaysia (e-mail:
sharipah@mimos.my).
Cite: Sharipah Setapa and Tengku Puteri Suhilah, "An Access Control List for Role-Based System: An Observation and Recommendation," International Journal of Information and Education Technology, vol. 4, no. 6, pp. 468-472, 2014.