Difference between revisions of "Test Role Definitions (OTG-IDENT-001)"

From OWASP
Jump to: navigation, search
(Created page with "== Summary == It is common amongst modern enterprises to define system roles to manage users and authorization to system resources. == Test objectives == Validate the syst...")
 
Line 14: Line 14:
  
 
== References ==
 
== References ==
 +
 +
[https://www.bookdepository.co.uk/Role-Engineering-for-Enterprise-Security-Management-Edward-Coyne/9781596932180 Role Engineering for Enterprise Security Management, E Coyne & J Davis, 2007]
  
 
[http://csrc.nist.gov/groups/SNS/rbac/standards.html Role engineering and RBAC standards]
 
[http://csrc.nist.gov/groups/SNS/rbac/standards.html Role engineering and RBAC standards]
  
 
== Remediation ==
 
== Remediation ==
 +
 +
Role Engineering
 +
 +
Mapping of business roles to system roles
 +
 +
Separation of Duties

Revision as of 09:30, 28 July 2013

Contents

Summary

It is common amongst modern enterprises to define system roles to manage users and authorization to system resources.

Test objectives

Validate the system roles defined within the application sufficiently define and separate each system and business role

How to test

Example

Tools

References

Role Engineering for Enterprise Security Management, E Coyne & J Davis, 2007

Role engineering and RBAC standards

Remediation

Role Engineering

Mapping of business roles to system roles

Separation of Duties