Shulou(Shulou.com)06/01 Report--

The main content of this article is to explain "what is rbac". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn what rbac is.

Introduction to 1.RBAC

RBAC (Role-based access control) is a role-based access control (Role-based access control,RBAC), it is a relatively new and widely used access control mechanism, this mechanism is not to directly grant permissions to users, but to give permissions to roles.

The RBAC permission model classifies users by role, and determines whether the user has the right to operate on a resource through the role of the user. RBAC simplifies the management of users and permissions. It associates users with roles, roles and permissions, permissions and resources. This mode makes user authorization management very simple and easy to maintain.

The proposal of 2.RBAC

Permissions and roles can be found in commercial computer programs in the early 1970s, but the early programs were relatively simple, and there was no clear, universal, recognized rights management model.

Ferraiolo and Kuhn proposed a general role-based access control model in 1992 (it seems that this model is older than Songge). For the first time, the RBAC permission model is proposed to replace the traditional MAC and DAC access control schemes, and the related concepts in RBAC are explained.

Ferraiolo,Cugini and Kuhn extended the privilege model proposed in 1992 in 1995. The main function of this model is that all access is made through roles, and roles are essentially a collection of permissions, and all users can only obtain permissions through roles. In an organization, roles are relatively stable, with a large number of users and permissions, and may change rapidly. Therefore, controlling permissions through roles can simplify the management and inspection of access control.

In 1996, Sandhu,Coyne,Feinstein and Youman formally put forward the RBAC model, which refines RBAC in a modular way, and puts forward four different RBAC0-RBAC3 models based on this theory.

Today, most information technology suppliers have incorporated RBAC into their product lines. In addition to conventional enterprise applications, RBAC is also widely used in medical, national defense and other fields.

The three principles of 3.RBAC are minimum permissions: the permissions assigned to roles are the minimum set of permissions they need to complete their tasks. Separation of responsibilities: accomplishing tasks together through independent and mutually exclusive roles. Data abstraction: reflected by the abstraction of permissions, the degree of data abstraction supported by RBAC is related to the implementation details of RBAC. 4.RBAC model classification

When it comes to RBAC, we have to start with its model classification.

4.1 RBAC0

RBAC0 is the simplest model of users, roles, and permissions. RBAC0 is the core part of the RBAC permission model, on which other models are built.

The picture is from the Internet.

In RBAC0, a user can have multiple roles, a role can have multiple permissions, and the permissions that the end user has is the combination of the permissions of the roles that the user has.

4.2 RBAC1

On the other hand, RBAC1 introduces role inheritance on the basis of RABC0, which makes the role have a superior-subordinate relationship.

The picture is from the Internet.

In the previous articles in this series, Brother Song has also introduced role inheritance in Spring Security many times.

4.3 RBAC2

RBAC2 also extends on the basis of RBAC0, introducing static separation of responsibilities and dynamic separation of responsibilities.

The picture is from the Internet.

To understand the separation of responsibilities, we must first understand that roles are mutually exclusive.

In actual projects, some roles are mutually exclusive and opposite. for example, the role of finance generally cannot be held at the same time as other roles, otherwise it would be great to submit your own accounts for examination and approval.

This problem can be solved through the separation of responsibilities:

Static separation of responsibilities

Restrictions are made in the setup phase. For example, the same user cannot grant mutually exclusive roles, the user can only have a limited number of roles, and the user must have low-level permissions before obtaining advanced permissions, and so on.

Dynamic separation of responsibilities

Restrict during the run time. For example, only 2 roles can be activated in 5 roles of the same user at run time.

4.4 RBAC3

Combine RBAC1 and RBAC2 to form RBAC3.

The picture is from the Internet 5. Expansion

Many of the permission models we see every day are extended on the basis of RBAC.

For example, in some systems we can see the concept of user groups, that is, users are grouped into groups, and users have their own roles and grouped roles at the same time.

At this point, I believe you have a deeper understanding of "what rbac is", might as well come to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.