Real Life Lessons: Access Control
[flickr]photo:321434733(small)[/flickr]The third lesson to learn from my incident is the importance of access control. This model is often described in policy and procedure terms. We’ll use as an example, the different levels of people who I allow into my house.
From a policy perspective, I lay out the rules and roles of different people who are permitted to access my house:
- I always allow myself access to my house. In I.T. terms, I am my house’s administrator (or “root”) and have permission to go everywhere.
- I also allow my cats access to much of my house. However, as I have a higher level of clearance, there are certain rooms into which I may go (laundry room, exercise room), from which my cats are banned.
- At a lower level of clearance are my friends and family. While they can come over, I generally prefer that this occur only when I am present. While they are some rooms in which they are permitted without supervision (bathroom), others I need to be present (bedroom and office).
- Lastly, some people fall under the “service personnel” category (plumbers, electricians, etc). Their access is limited to a “need to know” basis, and I tend to be present at all times.
- All other people are not permitted in my house.
Once a policy is defined, the next step is to implement it. There are many many ways to do this. In my case, I use an access control list (ACL) which defines who has access to do what, and rely on a combination of mandatory and discretionary access controls. Allow me to explain:
- To implement (1) in the policy, I give myself a set of keys to everything in the house. This gives me complete access to everything that exists. The ACL entry would read: “Me: ALL“. The control would be mandatory, as I require a key to access what I need.
- To implement (2) in the policy, I give my cats free range to all the rooms in which they are permitted. For the rooms from which they are banned, I simply close the door. The ACL entry would read: “Cats: ALL except ‘laundry room, exercise room, office’“. The control would be mandatory, as I am relying on the fact that my cats lack opposible thumbs and cannot operate the doorknobs. (They are also not allowed on the kitchen table or counters, but this is a descrectionary control, as can evidenced by the fact that I often hear a thump when I walk into the kitchen, followed by a small furry face looking up at me with a perfect picture of innocence.)
- To implement (3) in the policy, I had to be somewhat more complicated. Generally, my friends are allowed in my house, but only when I am present. However, in certain circumstances (when I am traveling), certain friends are allowed to come over and feed my cats. The ACL here is somewhat more complex:
- “Friends: ALL when ‘Me in room’“
- “Friends: ‘bathroom, kitchen, living room’ when ‘Me in house’“
- “Friends.trusted: ‘bathroom, kitchen, living room’“
The control here is a combination of mandatory and discretionary. In order to access my house, my friends must either request access (ring the doorbell) and have it granted (I open the door and let them in) or be in the Friends.trusted group (I give them a key). This allows them access to the house. Once they are in, I rely on the discretionary access control of social mores (the customs, not the eels) to keep them from digging around my private areas.
- To implement (4) in the policy, I use a similar method as with friends but with a tighter ACL rule: “ServicePersonnel: ALL when ‘Me in room’ AND ‘have reason’“. As with my friends, the service personnel must request access and have it granted. Then, I stay with them at all times keep them where they only have a reason to be.
- To implement (5) in the policy, I simply keep the doors locked and the security system armed.
Though I failed operationally to implement (5) at the time of my incident, I have corrected this problem. My questions for you:
- What different roles/groups of people do you have in your business?
- How do you make sure that you limit access to these roles?