Sto studiando per la certificazione CISSP e una delle lezioni video che ho visto (CBT Nuggets) mi ha davvero confuso. Ecco alcuni estratti dalla conferenza:
"Role Based Access Control doesn't always use the role for the basis for how it's going to divide information and access the information"
"Now let's get into, I guess the easiest way to define it is the 'types of RBAC' that you might see out there. The first one is role based and that one is the one that's naturally the idea here because we're talking about role based access control. But what I'm also going to say is that there's also what's known as Task Based Access Control, also called RBAC. In other words, the way we're going to divide our groups or our containers is either going to be by role or by task.
È corretto considerare il controllo dell'accesso basato sulle attività come un tipo di RBAC? Ciò non sembra giusto e altre risorse sembrano discuterne come un quadro di controllo accessi completamente separato (ad esempio link )