When we talk about RBAC, the first thing that comes to mind are security groups and the managers or owners of the security groups. Now, in the discussion around role-based access, we also use the term discretionary access control, also known as RBAC. But when we look at RBAC, we typically see a lot of security groups in a one-to-one relationship between the organizations and the security groups. This can be okay and manageable for a small organizations, but as the organization grows, these memberships of the groups become really hard to manage, and also to monitor who has access to what. The following image is a classic depiction of this challenge:
So, how does an organization look at this problem? Most organizations use the MIM Service and Portal, but this only helps in automating processes in the groups; it does not solve the overall problem— it just mitigates it. This is where role-based access with BHOLD comes in. We will also talk about privileged access management...