Formal Access Control Methodologies and SharePoint

Formal Access Control Methodologies for Microsoft Office Server System

There are a variety of access control methodologies that one can implement within a SharePoint environment. The type of access control an organization implements will depend greatly on its business structure, industry, and the regulatory compliance requirements it has to meet. It is usually helpful, however, to start the access control process by creating an access control matrix. This matrix has subjects (users) on one axis of the grid (typically the rows) and objects (things a user will access) on the other axis (typically the columns). This will create T diagrams of access, which will help you define exactly how to apply whichever access control methodology your organization chooses.

Mandatory Access Control (MAC) Orange Book B Level

Mandatory Access Control is one of the most restrictive types of access control mechanisms, from a user standpoint, that you can implement with SharePoint. The overriding principle of mandatory access control is that the user is segregated from the access control decision. Each object stored within SharePoint is given a sensitivity label. Users are associated with the labels, and whenever access is attempted, the user's associated access level is compared against the object's sensitivity label to control access to the object. Users have to be of a certain level in order to access objects with certain sensitivity labels. MAC promotes an overarching control that is not bound to an exact identity, but instead shares a set of rules (Rule Based Access Control Lists [RBACL]) that define which users can access which SharePoint objects. This is an extremely popular control mechanism in the federal sector, since it allows a true segregation of data classifications across a collaboration environment. Within the federal sector there is typically:

  • Public
  • Secret
  • Top-Secret

An object within SharePoint can be assigned the level of public (the sensitivity label). Users are associated with a sensitivity label, so that certain users are given one of the three levels, whether it is public, secret, or top-secret. Therefore groups of people can access the document as long as the rules are satisfied.

Although MAC is a difficult system to implement, it is considered one of the most secure types of access control systems and, for companies with regulatory compliance concerns, a very practical implementation.

Discretionary Access Control (DAC) Orange Book C Level

Discretionary Access Control is one of the most common access control implementations that exists within SharePoint. DAC allows content managers to define the management of SharePoint objects as well as actions (such as information policy management and versioning configurations) related to SharePoint objects.

Within a typical SharePoint implementation there is usually a site collection administrator along with related site owners, and security goes down to any arbitrary Secured Object level. Within this structure there is typically self-service management of access control over various SharePoint objects, so the user is given discretion, which can be given by any number of users. Since, with most secured objects in SharePoint, there is always one person with full control over that object, that person is given the option of specifying the other users who can access the object and how those users can interact with it. Out of the box, SharePoint is an object-to-identity based system, and therefore when you set up a plain vanilla SharePoint site where you directly bind identities to objects, regardless of membership and role providers, you are implementing Discretionary Access Control.

Lattice Based Access Control (LBAC) No Orange Book Level Association

LBAC is a concept that involves ordered sets and related subsets. Within LBAC, there are always two certainties, each of which spans a finite space:

  • There is always one Least Upper Boundary (LUB)
  • There is always one Greatest Lower Boundary (GLB)

Applying the above two constraints as finite boundaries, the parameters of LBAC are the subject and the object being secured. For each object, a user will have a LUB and a GLB with regard to access rights to the object. Using LBAC, it is possible to maintain the lattice between security objects by allowing a combination to exist through the merging of rules and related classification assignment. In short, for each object that can be accessed, there can be an upper and lower limit for what a user can do.
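
The sketch below is an added example, not code from the original article or from SharePoint. It models the three sensitivity levels from the MAC section as a lattice and shows the LUB and GLB operations described above. It generalizes the page by attaching compartments to each label, which is an assumption; the names HR, FIN and ANALYST and their values are constructed.

```python
from dataclasses import dataclass

# Levels from the page, ordered lowest to highest.
LEVELS = ("Public", "Secret", "Top-Secret")


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a level plus a set of compartments (assumed)."""
    level: str
    compartments: frozenset = frozenset()

    @property
    def rank(self):
        return LEVELS.index(self.level)

    def dominates(self, other):
        """True when this label is at least as high as `other` in the lattice."""
        return self.rank >= other.rank and self.compartments >= other.compartments


def lub(a, b):
    """Least upper bound: the lowest label that dominates both a and b."""
    return Label(LEVELS[max(a.rank, b.rank)], a.compartments | b.compartments)


def glb(a, b):
    """Greatest lower bound: the highest label dominated by both a and b."""
    return Label(LEVELS[min(a.rank, b.rank)], a.compartments & b.compartments)


def can_read(clearance, obj_label):
    """MAC read check: the user's clearance must dominate the object's label."""
    return clearance.dominates(obj_label)


def label_for_merged(labels):
    """Label for content merged from several objects: the LUB of all sources."""
    result = Label("Public")
    for label in labels:
        result = lub(result, label)
    return result


# Constructed sample labels (not from the page).
HR = Label("Secret", frozenset({"HR"}))
FIN = Label("Secret", frozenset({"Finance"}))
ANALYST = Label("Top-Secret", frozenset({"HR"}))
```

A Top-Secret clearance alone does not grant access here: ANALYST can read HR content but not FIN content, and not a document merged from both, because the merged label carries both compartments.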

Rule Based Access Control (RuleBAC) No Orange Book Level Association

RuleBAC is a child of the concept of Mandatory Access Control, since it inherits from the concept of an Access Control List. Access to objects, however, is controlled by rules that can be shared globally across an enterprise. This is heavily tied to the concept of grouping and role basing in SharePoint, where one might define a set of rules that are associated with a group of people that share the same type of access needs and object interactions.

Role Based Access Control (RBAC) No Orange Book Level Association

Role based access controls are becoming extremely popular because of their ease in adding users to federated corporate systems, and their bulk management options. They are incredibly pertinent in SharePoint when exploiting the options available with the ASP.NET role provider models. As opposed to the rigid access models presented thus far, RBAC allows a user to be added to a role group that defines the objects they have permission to, as well as the legal actions the user can perform on those objects. RBAC is used on the Windows Server itself, where there are certain permission groups that a user can be added to, such as Local Administrators or Power Users (actions performed through the Computer Management MMC snap-in). The concept of RBAC is the backbone of implementing a Limited User Access (LUA) environment, where one can determine the exact amount of access that a user needs in order to finish their job, with no unused or extravagant permissions.
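
The following added example (not from the original article and not SharePoint API code) ties the access control matrix from the introduction to the RBAC and LUA discussion above. It expands role assignments into a subject-by-object matrix and flags granted rights that observed activity never needed. The role names, users, objects and usage data are constructed, and the assumption is that observed usage would come from audit records.

```python
from collections import defaultdict

# Constructed sample data: permission levels granted per role, role membership,
# and the rights each user was actually observed using (assumed audit data).
# Rights are treated as independent labels; "Full Control" does not imply "Read".
ROLE_GRANTS = {
    "Site Owners":  {"Policies": {"Full Control"}, "Contracts": {"Full Control"}},
    "Contributors": {"Contracts": {"Read", "Contribute"}},
    "Visitors":     {"Policies": {"Read"}, "Contracts": {"Read"}},
}
ROLE_MEMBERS = {
    "Site Owners": {"alice"},
    "Contributors": {"bob", "carol"},
    "Visitors": {"carol", "dave"},
}
OBSERVED_USE = {
    ("alice", "Policies"): {"Full Control"},
    ("alice", "Contracts"): {"Full Control"},
    ("bob", "Contracts"): {"Read", "Contribute"},
    ("carol", "Contracts"): {"Read"},
    ("dave", "Policies"): {"Read"},
}


def build_matrix(role_grants, role_members):
    """Expand role assignments into a subject-by-object access control matrix."""
    matrix = defaultdict(lambda: defaultdict(set))
    for role, members in role_members.items():
        for user in members:
            for obj, rights in role_grants.get(role, {}).items():
                matrix[user][obj] |= rights
    return {user: dict(row) for user, row in matrix.items()}


def acl_for(matrix, obj):
    """Column view of the matrix: the rights every subject holds on one object."""
    return {user: row[obj] for user, row in matrix.items() if obj in row}


def unused_grants(matrix, observed):
    """Least-privilege audit: granted rights that no observed activity needed."""
    findings = {}
    for user, row in matrix.items():
        for obj, rights in row.items():
            extra = rights - observed.get((user, obj), set())
            if extra:
                findings[(user, obj)] = extra
    return findings
```

With the sample data, carol's membership in two roles gives her Contribute on Contracts and Read on Policies that she never used, and dave holds an unused Read on Contracts; these are the candidates for removal in a LUA review.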