Permissions and access controls

3.3 Explain important concepts pertaining to identity and access management for server administration.

📘CompTIA Server+ (SK0-005) 


1. Role-Based Access Control (RBAC)

What it means

Role-Based Access Control (RBAC) assigns permissions based on a user’s job role rather than to each user individually.

Instead of assigning permissions to each user:

  • You assign permissions to a role
  • Then assign users to that role

How it works (IT Example)

  • A Database Administrator role:
    • Full access to databases
  • A Help Desk role:
    • Reset passwords only
  • A Backup Operator role:
    • Can perform backups but cannot modify data

Users inherit permissions from the role they belong to.


Key Benefits

  • Easier to manage large environments
  • Reduces configuration errors
  • Ensures consistent access control

Exam Tips

  • RBAC = based on job function
  • Users → assigned to roles → roles have permissions
  • Common in systems like:
    • Active Directory
    • Linux groups

2. Rule-Based Access Control

What it means

Rule-Based Access Control uses system-defined rules or conditions to allow or deny access.

Access decisions are made based on:

  • Time
  • IP address
  • Device type
  • Security policies

How it works (IT Example)

  • Allow login only during office hours
  • Deny access if the request comes from an unknown IP address
  • Allow access only if the system is patched and compliant

Key Characteristics

  • Dynamic (changes based on conditions)
  • Often used with firewalls and security policies
  • Can override other access types (a rule can deny access even when a role would otherwise allow it)

Exam Tips

  • Rule-based = IF condition → THEN allow/deny
  • Used in:
    • Firewalls
    • Network access control systems
    • Conditional access policies

3. Scope-Based Access Control

What it means

Scope-based access control limits access based on a specific area, resource, or boundary.

It defines where permissions apply.


How it works (IT Example)

  • A user can:
    • Manage only one server
    • Access only a specific folder or database
  • Admin access limited to:
    • A specific department’s systems
    • A specific cloud resource group

Key Points

  • Restricts access to a defined scope
  • Works together with RBAC
  • Common in:
    • Cloud platforms
    • File systems
    • Enterprise environments

Exam Tips

  • Scope = boundary or limit
  • Example: “Admin of only one system, not all systems”

4. Segregation of Duties (SoD)

What it means

Segregation of Duties (SoD) means splitting responsibilities across multiple users to reduce risk.

No single user should have full control over critical processes.


How it works (IT Example)

Instead of one user doing everything:

  • User A:
    • Creates accounts
  • User B:
    • Assigns permissions
  • User C:
    • Audits logs

This prevents:

  • Fraud
  • Mistakes
  • Abuse of power

Key Benefits

  • Improves security
  • Adds accountability
  • Helps with compliance (audit requirements)

Exam Tips

  • SoD = no single point of control
  • Important for:
    • Financial systems
    • Sensitive server operations
    • Auditing environments

5. Delegation

What it means

Delegation is the process of giving specific administrative tasks to other users without giving full admin rights.


How it works (IT Example)

  • A junior admin is allowed to:
    • Reset passwords
    • Unlock accounts
  • But cannot:
    • Change server configurations
    • Install software

Key Features

  • Limited privilege assignment
  • Temporary or permanent
  • Controlled access to specific tasks

Benefits

  • Reduces workload on senior administrators
  • Maintains security while allowing operations
  • Supports the principle of least privilege

Exam Tips

  • Delegation = partial admin rights
  • Often used in:
    • Active Directory (Delegation of Control Wizard)
    • Enterprise environments

Important Related Concepts (VERY IMPORTANT FOR EXAM)

1. Principle of Least Privilege (PoLP)

  • Users get only the access they need
  • Applies to:
    • RBAC
    • Delegation
    • Scope-based access

2. Access Control Types Summary

Type                     Based On                    Key Idea
Role-Based               Job role                    Permissions assigned to roles
Rule-Based               Conditions                  IF condition → allow/deny
Scope-Based              Resource boundary           Limits where access applies
Segregation of Duties    Responsibility separation   Multiple users share control
Delegation               Task assignment             Limited admin rights
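The following is an added Python example (not from the Server+ material) showing how the control types in the table combine in a single access decision: rule-based checks (office hours, source network) are evaluated first and can deny outright, scope then restricts where a role applies, RBAC grants the action through role membership, and a separate check flags Segregation of Duties conflicts. All roles, users, hostnames and networks are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
# Constructed sample policy (hypothetical roles, users, hosts and networks; not from the page).
ROLE_PERMISSIONS = {                       # RBAC: permissions attach to roles, never to users
    "dba": {"db:read", "db:write"},
    "helpdesk": {"account:reset_password", "account:unlock"},   # delegated partial admin tasks
    "backup_operator": {"db:read", "backup:run"},
    "account_creator": {"account:create"},
    "permission_assigner": {"permission:assign"},
}
# SoD: role combinations that one person must never hold at the same time
SOD_CONFLICTS = [{"account_creator", "permission_assigner"}]

@dataclass
class User:
    name: str
    roles: set
    scope: set      # scope-based: resources the roles apply to ("*" = no boundary)
USERS = {
    "alice": User("alice", {"dba"}, {"db-prod-01"}),          # DBA of one server, not all
    "bob": User("bob", {"helpdesk"}, {"*"}),
    "carol": User("carol", {"account_creator", "permission_assigner"}, {"*"}),
}
OFFICE_HOURS = (time(8, 0), time(18, 0))
CORPORATE_NET = ip_network("10.0.0.0/8")

def sod_violations(user_name):
    """Return the conflicting role sets this user holds in full (should be an empty list)."""
    roles = USERS[user_name].roles
    return [conflict for conflict in SOD_CONFLICTS if conflict <= roles]

def authorize(user_name, action, resource, now_iso, src_ip):
    """Decide one request; returns (allowed, reason). now_iso is an ISO-8601 timestamp."""
    user = USERS.get(user_name)
    if user is None:
        return False, "unknown user"
    now = datetime.fromisoformat(now_iso)
    # Rule-based checks run first: IF condition THEN deny, regardless of any role
    if not (OFFICE_HOURS[0] <= now.time() <= OFFICE_HOURS[1]):
        return False, "rule: outside office hours"
    if ip_address(src_ip) not in CORPORATE_NET:
        return False, "rule: source IP outside corporate network"
    # Scope-based: role permissions only count inside the user's boundary
    if "*" not in user.scope and resource not in user.scope:
        return False, "scope: resource outside user's boundary"
    # RBAC: the user inherits the union of its roles' permissions
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))
    if action in granted:
        return True, "rbac: granted via role(s) " + ", ".join(sorted(user.roles))
    return False, "rbac: no assigned role grants this action"
```

Running `sod_violations("carol")` shows why SoD is checked at assignment time rather than per request: carol's roles are individually harmless but together let one person both create an account and grant it permissions.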

Quick Exam Review (Must Remember)

  • RBAC → Based on job role
  • Rule-based → Based on conditions (time, IP, policy)
  • Scope-based → Limits access to specific resources
  • Segregation of Duties → Split responsibilities
  • Delegation → Assign limited admin tasks

Final Summary

Permissions and access controls are used to:

  • Protect server resources
  • Control user actions
  • Enforce security policies

For the exam, focus on:

  • Differences between each control type
  • Where and why they are used
  • How they improve security