Read the book The Official (ISC)2 SSCP CBK Reference - Mike Wills - Page 179
Subject-Based
Subject-based access control looks at characteristics of the subject that are not normally expected to change over time. For example, a print server (as a subject) should be expected to have access to the printers, to the queue of print jobs, and to other related information assets (such as the LAN segment or VLAN where the printers are attached); you would not normally expect a print server to access payroll databases directly! As to human subjects, these characteristics might be related to age, their information security clearance level, or their physical or administrative place in the organization. For example, a middle school student might very well need separate roles defined as a student, a library intern, or a software developer in a computer science class, but because of their age, in most jurisdictions they cannot sign contracts. The web pages or apps that the school district uses to hire people or contract with consultants or vendors, therefore, should be off-limits to such a student.
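
The following is an added example, not taken from the book: a minimal default-deny policy check in which a subject characteristic (kind or age) is evaluated in addition to role membership, so a role granted by mistake does not open the contracting app to a student. All resource names, role names, and the age threshold of 18 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

AGE_OF_MAJORITY = 18  # assumption: the real threshold depends on jurisdiction

@dataclass
class Subject:
    name: str
    kind: str                                # "service" or "person"
    roles: set = field(default_factory=set)  # roles can be added or removed over time
    age: Optional[int] = None                # stable subject characteristic

def is_service(s):
    return s.kind == "service"

def can_sign_contracts(s):
    return s.kind == "person" and s.age is not None and s.age >= AGE_OF_MAJORITY

# Hypothetical policy: resource -> (roles that may reach it, subject checks that must all pass)
POLICY = {
    "print-queue": ({"print-server"}, [is_service]),
    "printer-vlan": ({"print-server"}, [is_service]),
    "payroll-db": ({"payroll-app"}, [is_service]),
    "cs-class-repo": ({"software-developer"}, []),
    "vendor-contracting-app": ({"contracting-user"}, [can_sign_contracts]),
}

def decide(subject, resource):
    """Return (allowed, reason). Unknown resources are denied by default."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, "no rule for resource (default deny)"
    roles, checks = rule
    if not (subject.roles & roles):
        return False, "no matching role"
    for check in checks:
        if not check(subject):
            return False, f"subject check failed: {check.__name__}"
    return True, "allowed"

# Constructed sample subjects
print_server = Subject("prn01", "service", {"print-server"})
# The student was (mistakenly) also given the contracting role.
student = Subject("student-a", "person",
                  {"student", "library-intern", "software-developer", "contracting-user"}, age=13)
staff = Subject("staff-b", "person", {"contracting-user"}, age=41)

if __name__ == "__main__":
    for subj, res in [(print_server, "print-queue"), (print_server, "payroll-db"),
                      (student, "cs-class-repo"), (student, "vendor-contracting-app"),
                      (staff, "vendor-contracting-app")]:
        print(subj.name, res, decide(subj, res))
```

Logging the returned reason with each denial lets a reviewer tell a missing role apart from a failed subject check.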