Prevent file-based attacks with effective role-based access control.

What is role-based access control?

Role-based access control (RBAC) is the technique of assigning access rights to the users in your organization based on their roles and the tasks they perform. This ensures that users and computers can have only access levels that they pertain to.

Why do we need role-based access control?

Malicious storage devices can facilitate numerous file-based attacks, such as the Read It Twice attack. Once an infected mass removable media is connected to a computer, it can alter that system’s file contents and lock down its files. Ensure that you don't overlook any unauthorized removable media trying to access your systems. Decide which devices require what access.

How role-based access control helps prevent file based attacks?

Assign access control based on roles.

Role-based access refers to the access rights that can be assigned to a user or a computer in an organization. The access rights include: set read-only permission, block copying of data from USB devices, and setting limited write access.

You may allow the marketers in your organization to have read-only access while financial analysts can have both read and write access to their respective computers, and a network administrator can be granted access to copy files from or to removable media.

Create systematic, repeatable assignment of permissions.

Analyze and understand the various roles that your organization needs. Create custom groups for different roles and assign the access rights that pertain to each role. Map these roles to appropriate users based on their roles and the tasks they perform. Save time by reusing these roles every time you want to add a new computer or user to this group.

Provide exclusive access to specific users.

Exclude usernames if you want to free them from a particular role-based access control group. The excluded users can use their login credentials to access computers and files, and override the machine-level policies.

Easily add, change, or withdraw file access permissions.

Easily register new employees or computers with the existing custom groups. Quickly add and change access permissions when required. Withdraw the access level of a user or a computer in case of suspicious activities.

Integrate third-party users by assigning them predefined roles.

Create a custom group for third-party users such as contractors, sub-contractors, and vendors. With role-based access control, you can set read-only access for them, and block them from copying any data from an external device to your computer to prevent intentional or unintentional malware attacks.

Benefits of role-based access control.

Improve your operational efficiency.

Implementing role-based access control keeps you from frequently changing system passwords whenever there is a role switch in your organization.

Comply with regulatory requirements effortlessly.

Regardless of the type of organization, it is crucial to effectively manage how data is accessed and used. Role-based access control allows you to stay compliant with regulations like GDPR, HIPAA, SOX, and more. 

Keep potential data breaches at bay.

By restricting access to sensitive information, your data is kept away from malicious and unintentional insiders. Deleting or modifying your data is no longer possible!

Cut down on the potential for error when assigning user permissions.

Systematic and repeatable policies prevent you from making errors while adding new users or computers to the network. Mapping a role is as easy as selecting a user name or computer name from the Windows Active Directory list.

Improve security with role-based access control.

Device Control Plus recommends enabling "set read-only permission" and "block file copy from external devices" by default to deny entry to unauthorized devices automatically. For instance, when a new hire tries to connect a device such as mobile phone to your endpoint, the role-based access control policy denies the access by default. Additionally, you can block USB usage on every computer for every employee, just by assigning a single policy.


To prevent file based attacks due to excessive access privileges, download a 30 day, free trial of Device Control Plus, and try out these features for yourself!