Everyone knows RBAC is important, and this is one of the best webinars demonstrating best practices for designing RBAC.
Notes:
- Complexity is the enemy of security
- Don't let perfect become the enemy of the good. 80/20
- Be flexible and ready to change over time.
- Top-down approach design
- Bottom-up approach for role discovery (engineering)
- Business user tier vs. app entitlement tier.
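
An added example (not from the webinar or these notes) of bottom-up role discovery: it mines candidate roles from existing user-to-entitlement assignments, then measures how much of the access the roles explain, leaving the remainder as exceptions in the 80/20 spirit. The user names, entitlement strings and the `min_users` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data: user -> application-tier entitlements.
ASSIGNMENTS = {
    "alice": {"crm:read", "crm:write", "mail:send"},
    "bob":   {"crm:read", "crm:write", "mail:send"},
    "carol": {"crm:read", "crm:write", "mail:send", "erp:approve"},
    "dave":  {"erp:read", "erp:post", "mail:send"},
    "erin":  {"erp:read", "erp:post", "mail:send"},
    "frank": {"erp:read", "erp:post", "mail:send", "db:admin"},
    "grace": {"mail:send"},
}

def mine_roles(assignments, min_users=2):
    """Candidate roles: exact entitlement sets held by at least min_users users."""
    counts = Counter(frozenset(e) for e in assignments.values())
    roles = [r for r, n in counts.items() if n >= min_users]
    # Largest roles first so fitting prefers the most specific match.
    return sorted(roles, key=lambda r: (-len(r), sorted(r)))

def fit_users(assignments, roles):
    """Give each user the first role fully contained in their access.
    Entitlements outside the role are exceptions to review, not new roles."""
    fit = {}
    for user, ents in assignments.items():
        role = next((r for r in roles if r <= ents), None)
        fit[user] = (role, ents - role if role else set(ents))
    return fit

def coverage(fit):
    """Fraction of all entitlement grants explained by the mined roles."""
    covered = sum(len(role or ()) for role, _ in fit.values())
    total = covered + sum(len(extra) for _, extra in fit.values())
    return covered / total

if __name__ == "__main__":
    roles = mine_roles(ASSIGNMENTS)
    fit = fit_users(ASSIGNMENTS, roles)
    for user, (role, extra) in sorted(fit.items()):
        print(user, sorted(role) if role else "no role", "exceptions:", sorted(extra))
    print(f"coverage: {coverage(fit):.0%}")
```

The exceptions list is where the top-down view comes back in: each leftover entitlement is either removed, justified as a one-off, or folded into a business-tier role.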