The difference between operations and RBAC permissions

I am developing a common user management system using role-based access control (RBAC), and I cannot distinguish between the operation table and the permission table (even after reading many articles).

"An object can have several roles. A role can have several objects. A role can have many permissions. A permission can be assigned to many roles. Operations can be assigned many permissions. You can assign a permission for many operations."

en.wikipedia.org/wiki/Role-based_access_control

Can anyone give a simple example to distinguish them?

+7
3 answers

The RBAC standard does not apply to operations, but only to users, roles, and permissions. I believe that the operations you are talking about are part of the specific implementation that you are using. They are probably the way to implement the resources in your solution.

To execute / access a resource, permission is required. Permissions are assigned to roles, and resources require a set of permissions.

Take, for example, the case of a simple control system. There are many users (store employees) and many roles, including cashier operator. This role gives users one permission, scan items. This permission is required by the item.scan() operation, as well as the item.cancel() operation.

+2

Permission - approval of the access mode to the resource.
Resource - a system object or operation that requires limited access.

0

In RBAC, permission is a mapping between objects and operations.

For example:

customer123 <--- this is an object

read, write, update, delete <--- these are operations

and these are the possible permissions:

customer123.read, customer123.write, customer123.update, customer123.delete

In RBAC, permissions are then granted to roles. Thus, one role can be:

Users

and be granted customer123.read

and another role could be:

Administrators

who have been granted permissions customer123.write, customer123.update

etc.

0
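The model from the last answer (a permission is an object paired with an operation, and roles are granted permissions) laid out as separate tables, as an added example that is not part of any answer above. The table and column names and the users alice and bob are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: table and column names are illustrative assumptions.
SCHEMA = """
CREATE TABLE operations (name TEXT PRIMARY KEY);          -- verbs only
CREATE TABLE permissions (                                 -- object + operation
    id INTEGER PRIMARY KEY,
    object TEXT NOT NULL,
    operation TEXT NOT NULL REFERENCES operations(name),
    UNIQUE (object, operation));
CREATE TABLE role_permissions (
    role TEXT NOT NULL,
    permission_id INTEGER NOT NULL REFERENCES permissions(id));
CREATE TABLE user_roles (username TEXT NOT NULL, role TEXT NOT NULL);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    ops = ["read", "write", "update", "delete"]
    db.executemany("INSERT INTO operations VALUES (?)", [(o,) for o in ops])
    # Each (object, operation) pair is one possible permission.
    db.executemany(
        "INSERT INTO permissions (object, operation) VALUES ('customer123', ?)",
        [(o,) for o in ops])
    # Role grants as given in the answer; nobody is granted delete.
    grants = {"Users": ["read"], "Administrators": ["write", "update"]}
    for role, role_ops in grants.items():
        for op in role_ops:
            db.execute(
                "INSERT INTO role_permissions SELECT ?, id FROM permissions "
                "WHERE object = 'customer123' AND operation = ?", (role, op))
    # Constructed user-to-role assignments (hypothetical users).
    db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                   [("alice", "Users"), ("bob", "Users"), ("bob", "Administrators")])
    return db

def is_allowed(db, username, obj, operation):
    """Deny by default: allow only if a role of the user holds the permission."""
    row = db.execute(
        "SELECT 1 FROM user_roles ur "
        "JOIN role_permissions rp ON rp.role = ur.role "
        "JOIN permissions p ON p.id = rp.permission_id "
        "WHERE ur.username = ? AND p.object = ? AND p.operation = ? LIMIT 1",
        (username, obj, operation)).fetchone()
    return row is not None
```

The operations table holds four rows regardless of how many objects exist, while the permissions table grows by one row per object and operation pair that can be granted.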