Contexts

IAM, Information Security

Term

Access Granularity

Alternative Forms

Access Granularity

Definitions

Definition 1

Access granularity designates the scale or precision level(s) at which access control is supported by a system.

A system that supports finer-grained access controls may provide more configuration flexibility but may incur higher maintenance costs, unless it provides efficient mechanisms to simplify and automate access management. Conversely, a system that supports coarser-grained access controls may provide less configuration flexibility but may incur lower maintenance costs.

A system may support multiple access granularity levels simultaneously. When speaking loosely about the granularity of a system, the intention is usually to convey the flexibility the system provides, so the smallest level is generally implied.

Examples

  • a file server may support file-level ACLs as its smallest access granularity.

  • a relational database management system may support database-level, table-level, row-level and field-level access granularities.

  • a business application may implement complex policy-based access control mechanisms that resolve into a matrix of record and operation access granularity levels, where both record access and operation access are required to gain access.
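
The granularity levels from the examples above, as an added sketch that is not part of the original glossary entry: each grant pairs an operation with a scope prefix over an assumed (database, table, row, field) path, so access requires both the operation and the record scope to match. All names, principals and grants are constructed for illustration.

```python
from dataclasses import dataclass

# Granularity levels, coarsest to finest (from the RDBMS example above).
LEVELS = ("database", "table", "row", "field")

@dataclass(frozen=True)
class Grant:
    principal: str
    operation: str   # operation axis of the access matrix
    scope: tuple     # record axis: prefix of (database, table, row, field)

    @property
    def level(self):
        return LEVELS[len(self.scope) - 1]

def is_allowed(grants, principal, operation, resource):
    """Allow only if one grant matches BOTH the operation and the record scope."""
    return any(
        g.principal == principal
        and g.operation == operation
        and resource[:len(g.scope)] == g.scope
        for g in grants
    )

def finest_level(grants):
    """The level loosely called 'the granularity' of the policy in use."""
    return LEVELS[max(len(g.scope) for g in grants) - 1]

# Constructed sample policy (hypothetical principals and resources).
GRANTS = [
    Grant("alice", "read", ("hr",)),                           # database-level
    Grant("bob", "read", ("hr", "staff")),                     # table-level
    Grant("carol", "read", ("hr", "staff", "42")),             # row-level
    Grant("carol", "update", ("hr", "staff", "42", "phone")),  # field-level
]

if __name__ == "__main__":
    for who, op, res in [
        ("alice", "read", ("hr", "payroll", "7", "amount")),
        ("bob", "read", ("hr", "payroll", "7", "amount")),
        ("carol", "update", ("hr", "staff", "42", "phone")),
        ("carol", "update", ("hr", "staff", "42", "salary")),
    ]:
        print(who, op, "/".join(res), "->", is_allowed(GRANTS, who, op, res))
    print("finest level in use:", finest_level(GRANTS))
```

One database-level grant covers every table, row and field beneath it, while the field-level grant has to be written and maintained per field, which is the flexibility versus maintenance trade-off described in the definition.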

Related Terms

  • Access

  • Authorization

  • Coarse-Grained Access Controls

  • Fine-grained Access Controls

  • Information Asset

  • Information Asset Granularity

Quotes

Degree of Granularity – Typically, more simplistic structures such as ACLs or IBAC may be adequate when coarse access decisions are needed, such as the ability to gain access to an enterprise based on membership in an organization. On the other hand, implementing fine-grained controls may be more suitable for granting access to information, where many factors may have to be considered to implement formal release policies established for each information object requested. Here an ABAC or PBAC structure may be more suitable.