Role-Based vs. Attribute-Based Access Control in Multi-Tenant Full-Stack Applications

Authors

  • Kiran Kumar Pappula, Independent Researcher, USA
  • Guru Pramod Rusum, Independent Researcher, USA
  • Sunil Anasuri, Independent Researcher, USA

DOI:

https://doi.org/10.63282/3117-5481/AIJCST-V7I2P107

Keywords:

Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Multi-Tenant Applications, Full-Stack Development, Security Policies

Abstract

Access control plays a critical role in securing digital systems, especially multi-tenant full-stack applications in which various organizations or users operate on the same infrastructure. This article examines Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) in the context of such applications. RBAC provides a straightforward way of assigning permissions based on user roles and is simple and easy to understand, whereas ABAC takes into consideration various attributes of users, resources, and the environment, giving a fine-grained level of control. Nonetheless, using either of these models in multi-tenant systems presents trade-offs involving scalability, flexibility, complexity of enforcement, and administrative overhead. In this paper, both RBAC and ABAC are considered in different multi-tenant full-stack settings. Since RBAC lacks the flexibility of policy enforcement provided by ABAC, we suggest a hybrid model that combines the hierarchical nature of RBAC with the granularity of ABAC. The methodology involves the development of a working prototype system, policy schema definition, incorporation of an authentication layer, and experimentation on real-world datasets to emulate multi-tenant settings. Scalability, response time, policy evaluation time, and administrative overhead are the metrics used in evaluation. The most important conclusions are that ABAC is more flexible in dynamic, attribute-rich conditions, whereas RBAC offers good policy enforcement practices and easy integration. The hybrid approach alleviates the weaknesses of both, and contextual attributes can result in dynamic role assignment. Case studies of multi-tenant access management at various organizations using various models are also presented.
The paper also highlights future work on machine learning-based policy suggestion engines and interoperability frameworks across cloud ecosystems, as well as several recommendations about how to address the need


Published

2025-03-22

Section

Articles

How to Cite

[1]
K. K. Pappula, G. P. Rusum, and S. Anasuri, “Role-Based vs. Attribute-Based Access Control in Multi-Tenant Full-Stack Applications”, AIJCST, vol. 7, no. 2, pp. 86–99, Mar. 2025, doi: 10.63282/3117-5481/AIJCST-V7I2P107.
