Most organizations struggle to control access to confidential information. Because that information is closely tied to customer trust, protecting it from misuse is critical. Data that could identify an individual must be covered by policies that prevent identity theft, compromise of systems or accounts, and other serious consequences. To reduce both the likelihood and the impact of a breach, access to sensitive information should be restricted according to the role and authorization of the person requesting it.
There are several models for granting access to sensitive information. The most basic, discretionary access control (DAC), lets the owner of a resource (or an administrator) decide who may access it and which actions those users may perform on it. This is the default model in most Windows, macOS and UNIX file systems: permission bits and ACLs are set at the owner's discretion, which also means an owner can share data more widely than organizational policy intends.
A more robust approach is role-based access control (RBAC). Permissions are attached to roles rather than to individuals, and users are assigned the roles their job requires, so each user's privileges match the specific requirements of that job. Done well, RBAC enforces two key security principles: least privilege (a role carries only the permissions its duties need, and everything else is denied by default) and separation of duties, sometimes called separation of privilege (no single user holds roles that together let them both initiate and approve a sensitive action).
Fine-grained access control goes beyond RBAC: instead of relying on role membership alone, it grants or denies each request based on attributes of the user, the resource and the context of the request, an approach often called attribute-based access control. The strength of the identity on which those decisions rest comes from multi-factor authentication, which combines something you know (a password or account number), something you have (a key, access card or code-generating device) and something you are (a fingerprint, iris scan or voice print). These factors authenticate the user; they do not by themselves decide what the user may do, so they complement the authorization policy rather than replace it. Together, strong authentication and attribute-aware authorization give tighter control over information and remove common authorization failures such as unmonitored access by former employees (an employment-status attribute revokes access the moment the person leaves) and over-broad access to sensitive data through third-party applications (an integration is scoped to what it needs instead of inheriting a user's full role).
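The following is an added example, not code from the original article, showing how the RBAC principles above (least privilege, separation of duties) and the attribute-based checks layered on top of them can be expressed in a small policy evaluator. The roles, departments, the `pii` classification, the `active` deprovisioning flag and the `mfa_verified` flag are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical role/permission table for a small billing and support application.
# Permissions are (action, resource kind) pairs; anything not listed is denied.
ROLE_PERMISSIONS = {
    "support_agent":    {("read", "ticket"), ("update", "ticket")},
    "billing_clerk":    {("read", "invoice"), ("create", "invoice")},
    "billing_approver": {("read", "invoice"), ("approve", "invoice")},
    "hr_analyst":       {("read", "employee_record")},
}

# Separation of duties: no single user may hold both roles in any of these pairs,
# so the person who creates an invoice can never be the one who approves it.
CONFLICTING_ROLES = [frozenset({"billing_clerk", "billing_approver"})]


@dataclass
class User:
    name: str
    department: str
    roles: set = field(default_factory=set)
    active: bool = True          # False once the account is deprovisioned
    mfa_verified: bool = False   # set by the login flow after a second factor succeeds


@dataclass
class Resource:
    kind: str
    department: str
    classification: str = "internal"  # "internal" or "pii" (constructed labels)


class SeparationOfDutiesError(Exception):
    """Raised when a role assignment would give one user conflicting duties."""


def assign_roles(user: User, roles) -> None:
    """Add roles to a user, refusing any combination that breaks separation of duties."""
    proposed = set(user.roles) | set(roles)
    for pair in CONFLICTING_ROLES:
        if pair <= proposed:
            raise SeparationOfDutiesError(
                f"{user.name} cannot hold both {' and '.join(sorted(pair))}")
    user.roles = proposed


def rbac_allows(user: User, action: str, resource: Resource) -> bool:
    """Plain RBAC: allowed only if some role of the user grants (action, kind)."""
    return any((action, resource.kind) in ROLE_PERMISSIONS.get(role, set())
               for role in user.roles)


def abac_allows(user: User, action: str, resource: Resource) -> bool:
    """RBAC plus attribute checks layered on top; every path defaults to deny."""
    # Deprovisioned accounts keep their role history but never get access.
    if not user.active:
        return False
    # Identity-bound data: same department and a verified second factor required.
    if resource.classification == "pii":
        if user.department != resource.department or not user.mfa_verified:
            return False
    return rbac_allows(user, action, resource)


if __name__ == "__main__":
    bob = User("bob", "hr", {"hr_analyst"})
    record = Resource("employee_record", "hr", "pii")
    print("role alone:", rbac_allows(bob, "read", record))        # True
    print("without second factor:", abac_allows(bob, "read", record))  # False
    bob.mfa_verified = True
    print("with second factor:", abac_allows(bob, "read", record))     # True
    bob.active = False
    print("after leaving:", abac_allows(bob, "read", record))           # False
```

The point of the layering is that a role grant is necessary but not sufficient: the same `hr_analyst` who passes the RBAC check is still denied until the request carries a verified second factor, is denied for another department's records, and is denied outright once the account is deprovisioned, without anyone having to remember to strip the roles.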