IAM

RBAC Introductory References

A selection of prioritized introductory references on RBAC and role engineering. The goal of this read list is to help IAM professionals build strong foundations for their RBAC implementation program.

Coyne and Davis, 2008 This book contains everything you need to know to implement RBAC properly. This is very practically oriented towards implementation in organizations and will delight IAM professionals responsible for role engineering.

Sussex, 2013 An excellent reference to get your hands dirty on RBAC implementation. If you are looking into initiating an RBAC project, read this first.

Ferraiolo et al., 2007 This is THE reference book on RBAC. Perhaps a little academic for busy professionals but still very much accessible. I wish Ferraiolo publishes a 3rd edition. Fundamental concepts are discussed in details and even provided with the historical context of their emergence.

A surprisingly good report for a consulting company (I tend to think that consulting companies have strong biases). Introduces the concept of polyarchy that is a key to move out of the common “organization chart” mistake in role engineering.

For an introduction to RBAC, do not read the full article. But read the introduction and skim through the rest of the article to understand how responsibility is interlinked with RBAC and grab a few key concepts.

A 2012 survey on RBAC practical usage in enterprises. Provides interesting insights around RBAC assumptions, strengths and weaknesses.

An economical analysis of RBAC. A great report to pick strong arguments and build up your RBAC business case.