Open 1112zakaria opened 10 months ago
I would like to be able to define a set of resources that can be read/written to. I would like to define a set of roles that I can assign to users. Question: will the users only have one role or multiple roles? Is it a role if they can have multiple or is it now an attribute? I'm not sure...
I can use an integer: 0 for no access, 1 for write access, 2 for read access, 3 for read/write access.
I will use RBAC (Role-based access control). Why? I don't fucking know.
Define a set of roles, define a set of resources, define a set of permissions for each resource on each role?
I am doing mandatory access control because: a security policy administrator defines, for every object (resource), which subjects have which permissions on it.
I will use RBAC. RBAC is: RBAC. The idea of role-based access control (Figure 5.10) is that a user, represented as a subject, is assigned one or more roles in each active session. Each role is pre-assigned a set of permissions. A subject’s current roles then determine its permissions. This reflects how permissions are often assigned in larger organizations (enterprises).
Example:
I used a hierarchical approach to create the role classes. Makes it easy to grab all of a child role's permissions and then add extra permissions.
Choose an appropriate access control model (DAC, MAC, RBAC, ABAC, or combination) to be used.
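
A sketch of the design described in this issue, added as an example and not the issue author's code: role classes form a hierarchy in which each role inherits the grants of the role it extends, permissions use the 0/1/2/3 integer encoding, and a subject may hold several roles in a session. The role names (`Client`, `PremiumClient`, `Teller`) and resource names are hypothetical.

```python
from enum import IntFlag


class Perm(IntFlag):
    """Integer encoding from the issue: 0 none, 1 write, 2 read, 3 read/write."""
    NONE = 0
    WRITE = 1
    READ = 2
    RW = 3


class Role:
    """Base role with no permissions. Subclasses extend the parent's grants."""
    grants = {}  # resource name -> Perm

    @classmethod
    def permissions(cls):
        # Walk the class hierarchy from the base down, OR-ing each level's
        # grants, so a subclass inherits everything and can only add to it.
        merged = {}
        for klass in reversed(cls.__mro__):
            for resource, perm in vars(klass).get("grants", {}).items():
                merged[resource] = merged.get(resource, Perm.NONE) | perm
        return merged


# Hypothetical roles and resources, constructed for this example.
class Client(Role):
    grants = {"account_balance": Perm.READ, "portfolio": Perm.READ}


class PremiumClient(Client):
    grants = {"portfolio": Perm.WRITE, "advisor_contact": Perm.READ}


class Teller(Role):
    grants = {"account_balance": Perm.RW}


def is_allowed(active_roles, resource, requested):
    """Default deny: every requested bit must be granted by some active role."""
    if requested == Perm.NONE:
        return False
    effective = Perm.NONE
    for role in active_roles:
        effective |= role.permissions().get(resource, Perm.NONE)
    return (effective & requested) == requested
```

Because permissions are only ever OR-ed together, an unknown resource or an empty role list evaluates to 0 and is denied.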