Host Based Access Control (HBAC) defines which users can access specific hosts. It limits access to a specific device to a well-defined group of users. This access is still “Least Privileged Access”: whoever requests access to the asset receives only the minimum required to complete the task.
Role Based Access Control (RBAC) provides access across the number of devices behind it. Host Based Access Control (HBAC), in turn, is specific to a device, with regard to the roles involved. One of the most common mistakes I’ve seen is granting Domain Admin, just because it has access to all devices in the domain. This is the result of not having a Host Based Access Control model in place. With a well-designed HBAC model, we can grant access to one, some or even all devices within our environment while keeping privileges low. This model, in combination with the RBAC model, forms the Delegation Model strategy for our Active Directory.
This access control has built-in groups, such as Administrators or Users, but it should not be limited to those. The service provided by the device tells us which access needs to exist. Extending this access is the goal of the model.
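The difference between a Domain Admins grant and per-host HBAC groups can be checked by resolving each user's effective local group membership on every host. The following is an added example, not code from the original article; all host, group and user names, and the HBAC_/ROLE_ naming, are constructed assumptions.

```python
# Constructed sample data: every host, group and user name below is hypothetical.
# HBAC side: which domain groups sit in each host's local groups.
HOST_LOCAL_GROUPS = {
    "SQL01": {"Administrators": {"Domain Admins", "HBAC_SQL01_Admins"},
              "Remote Desktop Users": {"HBAC_SQL01_RDP"}},
    "WEB01": {"Administrators": {"Domain Admins", "HBAC_WEB01_Admins"},
              "Remote Desktop Users": {"HBAC_WEB01_RDP"}},
    "FILE01": {"Administrators": {"Domain Admins"},
               "Users": {"HBAC_FILE01_Users"}},
}
# RBAC side: role groups nested into the per-host groups, users nested into roles.
GROUP_MEMBERS = {
    "Domain Admins": {"alice"},
    "HBAC_SQL01_Admins": {"ROLE_DBA"},
    "HBAC_SQL01_RDP": {"ROLE_DBA", "ROLE_Helpdesk"},
    "HBAC_WEB01_Admins": {"ROLE_WebOps"},
    "HBAC_WEB01_RDP": {"ROLE_WebOps", "ROLE_Helpdesk"},
    "HBAC_FILE01_Users": {"ROLE_Helpdesk"},
    "ROLE_DBA": {"bob"},
    "ROLE_WebOps": {"carol"},
    "ROLE_Helpdesk": {"dave", "ROLE_Helpdesk"},  # self-nesting exercises the loop guard
}


def expand(group, seen=None):
    """Return all users reachable from a group through nested membership."""
    seen = set() if seen is None else seen
    if group in seen:  # nested-group loop: stop descending
        return set()
    seen.add(group)
    users = set()
    for member in GROUP_MEMBERS.get(group, ()):
        users |= expand(member, seen) if member in GROUP_MEMBERS else {member}
    return users


def host_access(user):
    """Map each host to the local groups the user effectively belongs to."""
    access = {}
    for host, local_groups in HOST_LOCAL_GROUPS.items():
        hit = {lg for lg, grants in local_groups.items()
               if any(user in expand(g) for g in grants)}
        if hit:
            access[host] = hit
    return access


def admin_reach(user):
    """Hosts where the user ends up in the local Administrators group."""
    return sorted(h for h, lgs in host_access(user).items() if "Administrators" in lgs)
```

In this data the Domain Admins member is a local administrator on all three hosts, while the role-based users reach only the hosts and local groups their HBAC groups name.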