This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
RBAC How are roles different from groups
RBAC How are roles different from groups

Version management

Difference between version and

At line 1 added 25 lines
!!! [RBAC] How are roles different from groups?
There is a superficial similarity between RBAC roles and traditional groups. As normally implemented, a group is a collection of users, rather than a collection of permissions, and permissions can be associated with both users and the groups to which they belong.
The ability to tie permissions directly to users in a group-based mechanism is regarded as a "loophole" that makes it difficult to control the user-permission relationships.
! Strict [RBAC]
Strict RBAC requires all access through roles, and permissions are connected only to roles, not directly to users.
! Indirection that Separates
The [role], as it is an indirection that separates users from fine grained [permissions] is more stable than the group concept. This level of indirection also allows more flexibility within the assignment of permissions by the ability to perform functions or [RBAC constraints] and [RBAC Hierarchical].
As an example, changing the [ACLs] assigned to a Group, would require the assignment be assigned directly (or indirectly) to each user that is a member.
! Concept of a Session
Another aspect of [RBAC] that distinguishes it from traditional group mechanisms is the concept of a session, which allows dynamic activation of a subset of [roles] assigned to a user based on their current activity.
! Core RBAC
Core RBAC also allows those systems with a robust group/ACL mechanism that supports the construction of a many-to-many relation among users and permissions.
!!![Groups Are Bad|Groups Are Bad]
[Groups Are Bad|Groups Are Bad]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop