RBAC is short for Role-Based Access Control, a system of controlling which users have access to resources based on the role of the user. Access rights are grouped by role name, and access to resources is restricted to users who have been authorized to assume the associated role.

RBAC differs from access control lists (ACLs) by putting the emphasis on roles and their permissions rather than on objects (resources).

For the purposes of this documentation:

  • an identity has one or more roles.
  • a role requests access to a permission.
  • a permission is given to a role.

Thus, RBAC has the following model:

  • many-to-many relationship between identities and roles.
  • many-to-many relationship between roles and permissions.
  • roles can have a parent role.
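
The model above as a small in-memory sketch. This is an added example, not code from the documented library: the `Rbac` class, its methods and the role and permission names are hypothetical. It assumes a parent role also holds the permissions of its descendant roles (the page states only that roles can have a parent), and it rejects parent links that would form a cycle.

```python
from collections import defaultdict


class Rbac:
    def __init__(self):
        self.identity_roles = defaultdict(set)    # identity -> roles (many-to-many)
        self.role_permissions = defaultdict(set)  # role -> permissions (many-to-many)
        self.parent = {}                          # role -> its single parent role

    def assign(self, identity, role):
        self.identity_roles[identity].add(role)

    def grant(self, role, permission):
        self.role_permissions[role].add(permission)

    def set_parent(self, child, parent):
        # Reject a link that would make a role its own ancestor.
        node = parent
        while node is not None:
            if node == child:
                raise ValueError(f"cycle: {child!r} is an ancestor of {parent!r}")
            node = self.parent.get(node)
        self.parent[child] = parent

    def effective_permissions(self, role):
        # Assumption: a parent also holds every descendant role's permissions.
        perms = set(self.role_permissions.get(role, ()))
        for child, parent in self.parent.items():
            if parent == role:
                perms |= self.effective_permissions(child)
        return perms

    def is_granted(self, identity, permission):
        # Default deny: unknown identities and roles have no permissions.
        return any(permission in self.effective_permissions(r)
                   for r in self.identity_roles.get(identity, ()))


def build_sample():
    rbac = Rbac()  # constructed sample data
    rbac.grant("viewer", "article.read")
    rbac.grant("editor", "article.edit")
    rbac.grant("admin", "user.manage")
    rbac.set_parent("viewer", "editor")   # editor is viewer's parent
    rbac.set_parent("editor", "admin")    # admin is editor's parent
    rbac.assign("alice", "admin")
    rbac.assign("bob", "viewer")
    rbac.assign("bob", "editor")
    return rbac
```

Access is decided only through roles: an identity with no role, or a permission no reachable role holds, is denied.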



