RBAC (Role-Based Access Control)

 

1 Introduction

RBAC supports three well-known security principles: least privilege, separation of duties and data abstraction.
(1) Least privilege is supported because each role can be configured with only the minimal set of permissions required to complete its task.
(2) Separation of duties is achieved by requiring mutually exclusive roles to act together to complete a sensitive task, for example requiring both an accounting clerk and an account manager to take part in the same posting.
(3) Data abstraction is achieved through abstract permissions, such as "loan" and "deposit" for financial operations, rather than the read, write and execute permissions an operating system typically provides. These principles are only realized, however, to the extent that each RBAC component is configured in detail.
RBAC has many components, which makes its management multi-faceted. In particular we want to separate the following concerns: assigning users to roles; assigning permissions to roles; and assigning roles to roles, which defines role inheritance. All of these activities link users to permissions, but in many cases they are best carried out by different administrators or administrative roles. Assigning permissions to roles is typically the responsibility of the application administrator: in a banking application, the deposit and withdrawal operations are assigned to the teller role and the loan-approval operation to the manager role. Assigning specific people to the teller and manager roles, by contrast, is a personnel-management matter. Role-to-role assignment has features of both user-to-role and permission-to-role assignment; more generally, the relationships between roles reflect broader policy.
 

2 Basic concepts

RBAC is essentially about authorizing Who, What and How. In the RBAC model these three form an access-rights triple: "Who performs How (which operation) on What (which resource)."
Who: the holder of the right, a person or agent (Principal, User, Group, Role, Actor, etc.).
What: the object or resource the permission applies to (Resource, Class).
How: the specific permission (Privilege; positive or negative authorization).
Operator: an operation, that is, How applied to What: Privilege + Resource.
Role: a named collection of a certain number of permissions. It is the unit and carrier of rights assignment, and its purpose is to separate the logic of User from the logic of Privilege.
Group: a collection of users serving as the unit of permission assignment. Permissions are assigned not to an individual user but to a group. A Group may contain Groups (to achieve inheritance of rights) and may also contain Users; the users in a group inherit the group's permissions. User and Group are in a many-to-many relationship, and Groups may be hierarchical in order to meet access-control requirements at different levels.
The focus of RBAC is the relationship between Role and User and between Role and Permission, called user assignment (UA) and permission assignment (PA). Both are many-to-many: a user can have multiple roles, and a role may include multiple users.
Anyone who has used an RDBMS knows that an n:m relationship requires an intermediate table to hold the relationship between two tables; UA and PA are equivalent to such intermediate tables. In fact the whole of RBAC is built on the relational model.
Session is a relatively obscure element of RBAC. The standard says that each Session is a mapping from one user to multiple roles: when a user activates a subset of all his roles, a session is established. Each Session is associated with a single User, and each User may be associated with one or more Sessions.
In an RBAC system a User in fact plays a role (Role), so Actor can be used in place of User; this idea comes from the Actor-Role model in the book Business Modeling With UML. Considering that several people can hold the same privileges, RBAC introduces the concept of Group, which is likewise regarded as an Actor. The concept of User is then made concrete as a single person.
The Group here differs from the Group in GBAC (Group-Based Access Control). GBAC is used in operating systems, where the Group is associated directly with rights; in fact RBAC also borrows some GBAC concepts.
User and Group are both related to institutions and organizations, but they are not the organization itself; the two are conceptually different. The organizational structure is an abstract model of the company's physical existence, including departments, people, positions and so on, whereas the permission model is an abstract description of rights. Organizational structure is generally modeled with Martin Fowler's Party pattern or his responsibility (Accountability) pattern.
On the relationship between Person in the Party pattern and User: each Person may correspond to a User, but not every User has a corresponding Person. A department or organization under Organization in the Party pattern may correspond to a Group; conversely a Group does not necessarily correspond to an actual organizational unit. For example there may be a "deputy manager" Group, which is merely several people with the same duties.
Besides solving the problem of several people holding the same role, introducing Group also solves another authorization problem, that of authorizing an organization: for example, department A wants all of its people to be able to see department A's news. With a Group corresponding to department A, the permission can be granted directly to the Group. [1]
 

3 Models

RBAC96 model

1. The basic model RBAC0
Definition: the RBAC0 model is determined by the following:
$U$, $R$, $P$ and $S$ denote the set of users, the set of roles, the set of permissions and the set of sessions respectively.
$PA \subseteq P \times R$ is the many-to-many permission-to-role assignment relation.
$UA \subseteq U \times R$ is the many-to-many user-to-role assignment relation.
$user: S \to U$ is a function mapping each session $s_i$ to the single user $user(s_i)$ (constant for the lifetime of the session).
$roles: S \to 2^R$ is a function mapping each session $s_i$ to a set of roles $roles(s_i) \subseteq \{\, r \mid (user(s_i), r) \in UA \,\}$ (which can change with time), and session $s_i$ has the permissions $\bigcup_{r \in roles(s_i)} \{\, p \mid (p, r) \in PA \,\}$.
When using the RBAC0 model, every permission should be assigned to at least one role and every user should be assigned to at least one role. Two roles may be assigned exactly the same permissions and still be two completely separate roles; the same holds for users. A role can be regarded as a semantic construct that forms the basis for formulating an access control policy.
In RBAC0 a permission is an uninterpreted symbol, because its precise meaning can only be determined by the particular system it belongs to. RBAC0 permissions apply only to data and resource objects, not to components of the model itself. Modifying the sets $U$, $R$ and $P$ and the relations $UA$ and $PA$ is called rights management and is described later by the RBAC administrative model; RBAC0 therefore assumes that only the security administrator can modify these components.
In this model a session is controlled by a single user: the user creates the session and activates in it a subset of his roles of his own choosing. Which roles are active in a session is decided by the user, and a session is terminated at the user's initiative. RBAC0 does not allow one session to create another; sessions can only be created by users.
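The RBAC0 definitions above (and the UA/PA/Session concepts of section 2) written out as a small Python model; this is an added example, not code from the original article. The bank users, roles and permissions are constructed sample data, and permissions are kept as uninterpreted (operation, object) pairs exactly as RBAC0 treats them.

```python
from dataclasses import dataclass, field
from typing import Set, Tuple

Permission = Tuple[str, str]  # (operation, object): an uninterpreted symbol in RBAC0

# Constructed sample data for a small bank (not from the article).
U: Set[str] = {"alice", "bob"}
R: Set[str] = {"teller", "manager", "auditor"}
P: Set[Permission] = {("deposit", "account"), ("withdraw", "account"),
                      ("approve", "loan"), ("read", "ledger")}

# UA ⊆ U × R and PA ⊆ P × R, both many-to-many relations.
UA: Set[Tuple[str, str]] = {("alice", "teller"), ("alice", "manager"), ("bob", "auditor")}
PA: Set[Tuple[Permission, str]] = {
    (("deposit", "account"), "teller"), (("withdraw", "account"), "teller"),
    (("approve", "loan"), "manager"), (("read", "ledger"), "manager"),
    (("read", "ledger"), "auditor"),
}


def assigned_roles(user: str) -> Set[str]:
    """{r | (user, r) ∈ UA}: every role the user may activate."""
    return {r for (u, r) in UA if u == user}


@dataclass
class Session:
    """user(s) is fixed for the session's lifetime; roles(s) is a mutable subset
    of the user's assigned roles and may change while the session lives."""
    user: str
    active: Set[str] = field(default_factory=set)

    def activate(self, role: str) -> None:
        # roles(s) ⊆ {r | (user(s), r) ∈ UA}: only assigned roles can be activated.
        if role not in assigned_roles(self.user):
            raise PermissionError(f"{self.user} is not assigned role {role!r}")
        self.active.add(role)

    def deactivate(self, role: str) -> None:
        self.active.discard(role)

    def permissions(self) -> Set[Permission]:
        """∪_{r ∈ roles(s)} {p | (p, r) ∈ PA}: permissions of the active roles only."""
        return {p for (p, r) in PA if r in self.active}

    def check(self, operation: str, obj: str) -> bool:
        return (operation, obj) in self.permissions()


def open_session(user: str, roles: Set[str]) -> Session:
    """Only a user creates a session (never another session), choosing which roles to activate."""
    if user not in U:
        raise KeyError(f"unknown user {user!r}")
    session = Session(user)
    for role in roles:
        session.activate(role)
    return session


if __name__ == "__main__":
    s = open_session("alice", {"teller"})      # least privilege: activate only what the task needs
    print(s.check("deposit", "account"))      # True
    print(s.check("approve", "loan"))         # False until "manager" is activated too
    s.activate("manager")
    print(s.check("approve", "loan"))         # True
```

Activating a role the user does not hold raises, and a session's permissions shrink and grow with the active set rather than with everything in UA, which is the property that makes RBAC0 sessions a least-privilege mechanism.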
2. The hierarchical role model RBAC1
Definition: the RBAC1 model is determined by the following:
$U$, $R$, $P$ and $S$ denote the set of users, the set of roles, the set of permissions and the set of sessions respectively.
$PA \subseteq P \times R$ is the many-to-many permission-to-role assignment relation.
$UA \subseteq U \times R$ is the many-to-many user-to-role assignment relation.
$RH \subseteq R \times R$ is a partial order on $R$, called the role hierarchy or role dominance relation, also written $\geq$.
$user: S \to U$ is a function mapping each session $s_i$ to the single user $user(s_i)$ (constant for the lifetime of the session).
$roles: S \to 2^R$ is a function mapping each session $s_i$ to a set of roles $roles(s_i) \subseteq \{\, r \mid (\exists r' \geq r)[(user(s_i), r') \in UA] \,\}$ (which can change with time), and session $s_i$ has the permissions $\bigcup_{r \in roles(s_i)} \{\, p \mid (\exists r'' \leq r)[(p, r'') \in PA] \,\}$.
3. The constrained model RBAC2
RBAC2 is formed by adding constraints to RBAC0; it is incomparable with RBAC1. RBAC2 is defined as follows:
Definition: apart from adding a number of constraints to RBAC0, RBAC2 is unchanged from RBAC0. The constraints determine whether the values of the respective RBAC0 components are acceptable; only acceptable values are permitted.
The constraints introduced by RBAC2 may apply to all components and relations of the RBAC0 model. Mutually exclusive roles are the most fundamental constraint in RBAC2: two roles are mutually exclusive when their respective permissions constrain each other. A user may be assigned only one of such a pair of roles in any single event and cannot obtain the permissions of both.
For example, in audit activities a user cannot be assigned both the auditor role and the accountant role. Another example: in a company the manager and deputy manager roles are mutually exclusive; a contract may be signed or checked only by the manager and cannot be signed by the deputy. In an RBAC2 model built for such a company, a user cannot hold both the manager and deputy manager roles. In summary, the mutual exclusion constraint supports the realization of separation of duties and responsibilities.
More generally, mutual exclusion constraints can control which combinations of role memberships are acceptable for a user. For example, a user may be a programmer on project A, a tester on project B and an inspector on project C, but may not hold all three roles on the same project. The RBAC2 model can constrain this case.
Another example is limiting the maximum number of members a role may have, known as a cardinality constraint on the role. For example, the top leader of a unit can only be one person and the number of middle-level cadres is limited; once the number of users assigned to such a role reaches its cardinality limit, the role accepts no further users.
A minimum cardinality constraint is difficult to implement. For example, if a minimum number of occupants is specified for a role, the question is how the system can know that an occupant will not disappear at any moment, and what the system should do if one does.
In some cases a user can be assigned role A only if the user is already a member of role B; B is then a prerequisite of A. The concept of prerequisite roles (PrerequisiteRoles) comes from competence and suitability, and an absolute prerequisite becomes a prerequisite constraint. A common example is that an associate professor of mathematics should be promoted from among lecturers in mathematics, so lecturer is a prerequisite role for associate professor. In a real system, however, conflicts between prerequisite constraints and mutual exclusion may also arise.
In figure ap08-03 it may be required that only members of the project are eligible to take the programmer role; usually the prerequisite role is lower in the hierarchy than the newly assigned role. In some cases, however, a user may take role A only if the user does not hold some other role. For example, where a recusal policy is required, members of a project team should not be members of the committee that evaluates the project's results. Such constraints may also be extended to permissions.
Because a user's roles are linked to sessions, constraints can also be imposed on sessions. For example, a user may be allowed to be assigned two roles but not to activate both at the same time. Further, the number of sessions a user may have active at once can be limited, and correspondingly a limit may be applied to the number of permissions assigned to a user in an active session.
The inheritance concept described earlier can also be regarded as a constraint: a permission assigned to a junior role must also be assigned to all roles senior to it, or equivalently, a user assigned to a senior role must be assigned to all roles junior to it. In that sense RBAC1 is redundant, being subsumed by RBAC2. But RBAC1 is comparatively simple and makes the concept of inheritance clearer than expressing it through constraints.
Constraints can be implemented as functions: when a role is assigned to a user or a permission to a role, these functions are called to check whether the assignment satisfies the constraints, and the result returned by the function decides whether it is allowed. Usually only constraints that can be checked effectively, plus some simple conventional ones, are implemented, because such constraints can be maintained over a longer period.
The effectiveness of the constraint mechanism depends on the underlying system supporting a unique identifier for each user; if a user can have more than one identifier, the constraints become ineffective. Likewise, if the same operation can be performed through two or more permissions, the RBAC system cannot enforce the basic constraints that strengthen separation of duties. User identifiers, and the correspondence between operations and the permissions that license them, must therefore be one-to-one.
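The "constraints as functions" approach described above, as an added Python example that is not part of the original article: every user-role assignment passes through a static checker (mutual exclusion, forbidden combinations, maximum cardinality, prerequisite role), and every role activation passes through a session-level checker (dynamic exclusion). All role names and limits are constructed for the example, and both checkers return a (decision, reason) pair so that a rejected assignment can be logged.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constraint declarations (constructed for the example).
MUTUALLY_EXCLUSIVE: List[Set[str]] = [{"auditor", "accountant"}, {"manager", "deputy_manager"}]
FORBIDDEN_COMBINATIONS: List[Set[str]] = [{"programmer", "tester", "inspector"}]  # any two ok, never all three
MAX_CARDINALITY: Dict[str, int] = {"manager": 1}                 # the top leader is one person
PREREQUISITE: Dict[str, str] = {"associate_professor": "lecturer"}  # lecturer is a prerequisite role
DYNAMIC_EXCLUSIVE: List[Set[str]] = [{"programmer", "tester"}]   # may hold both, never active together

UA: Set[Tuple[str, str]] = set()                  # user-role assignment relation
ACTIVE: Dict[str, Set[str]] = defaultdict(set)    # roles currently active per user (sessions collapsed)


def members(role: str) -> Set[str]:
    return {u for (u, r) in UA if r == role}


def roles_of(user: str) -> Set[str]:
    return {r for (u, r) in UA if u == user}


def check_assignment(user: str, role: str) -> Tuple[bool, str]:
    """Static constraints, evaluated before (user, role) is added to UA."""
    held = roles_of(user)
    if role in held:
        return True, "already assigned"
    for exclusive in MUTUALLY_EXCLUSIVE:
        if role in exclusive and held & (exclusive - {role}):
            return False, f"{role} is mutually exclusive with {sorted(held & exclusive)}"
    for combo in FORBIDDEN_COMBINATIONS:
        if combo <= held | {role}:
            return False, f"holding all of {sorted(combo)} is forbidden"
    limit = MAX_CARDINALITY.get(role)
    if limit is not None and len(members(role)) >= limit:
        return False, f"{role} already has its maximum of {limit} member(s)"
    prerequisite = PREREQUISITE.get(role)
    if prerequisite is not None and prerequisite not in held:
        return False, f"{role} requires prerequisite role {prerequisite}"
    return True, "ok"


def assign(user: str, role: str) -> Tuple[bool, str]:
    ok, reason = check_assignment(user, role)
    if ok:
        UA.add((user, role))
    return ok, reason


def activate(user: str, role: str) -> Tuple[bool, str]:
    """Dynamic constraint, evaluated when a role is activated in a session."""
    if role not in roles_of(user):
        return False, f"{user} is not assigned {role}"
    for exclusive in DYNAMIC_EXCLUSIVE:
        clash = ACTIVE[user] & (exclusive - {role})
        if role in exclusive and clash:
            return False, f"cannot activate {role} while {sorted(clash)} is active"
    ACTIVE[user].add(role)
    return True, "ok"


def deactivate(user: str, role: str) -> None:
    ACTIVE[user].discard(role)


if __name__ == "__main__":
    print(assign("ann", "accountant"))   # (True, 'ok')
    print(assign("ann", "auditor"))      # rejected: static separation of duties
    print(assign("ed", "programmer"), assign("ed", "tester"))
    print(activate("ed", "programmer"), activate("ed", "tester"))  # second is rejected
```

The checks rely on the one-user-one-identifier assumption the text closes with: if "ann" could also log in as "ann2", the mutual-exclusion check would never see both roles on one subject.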
4. The unified model RBAC3
RBAC3 combines RBAC1 and RBAC2, providing both role hierarchies and constraints. Bringing the two concepts together also raises some new problems.
Constraints may be applied to the role hierarchy itself. Because the hierarchy is a partial order, such constraints are essential to the model and may affect the partial order. For example, a constraint may limit the number of senior or junior roles a given role may have.
Two or more roles may be constrained to have no common senior or junior role. Constraints of this kind are useful when authority over the role hierarchy has been decentralized, while the security officer still wishes to restrict how all of these changes may be made.
There is also a subtle interplay between constraints and the role hierarchy. In the environment of figure ap08-03, a project member may not simultaneously take the programmer and tester roles, yet the position of the project manager in the hierarchy clearly violates this constraint. In some cases such a violation by a senior role is acceptable; in others it is not.
From the viewpoint of strict rules, the model should forbid it in some cases and permit it in others. A similar situation arises with cardinality constraints. Suppose a user may be assigned to at most one role; does assigning the user to tester in the figure violate this constraint? In other words, does a cardinality constraint apply only to direct members, or also to inherited members?
The concept of private roles is useful for explaining these constraints. Again in the environment of figure ap08-03, tester', programmer' and project manager can be described as mutually exclusive: they are at the same level with no common senior role, so the administrator role does not violate the mutual exclusion. Private roles usually share no senior role with other roles, since they are the maximal elements at their level, so mutual exclusion among private roles can be defined without conflict.
Correspondingly, the shared counterparts of the private roles can be described as having a maximum cardinality of 0 members. Under this approach a tester must be assigned to the tester' role, and the tester role serves only as a vehicle for sharing permissions with the administrator role.
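The RBAC1 hierarchy definitions and the RBAC3 interplay just described, as an added Python example that is not part of the original article. The hierarchy is constructed to mirror the project structure the text describes around figure ap08-03: project_manager senior to programmer and tester, both senior to project_member, plus private roles programmer_private and tester_private (the text's programmer' and tester') that are maximal elements. The code computes authorized roles through r' ≥ r and session permissions through r'' ≤ r, then shows why a mutual exclusion on the shared roles fires for the project manager when inherited membership is counted, while the same exclusion on the private roles does not.

```python
from typing import Callable, Set, Tuple

# RH: direct (senior, junior) pairs, i.e. senior ≥ junior. Constructed for the example.
RH: Set[Tuple[str, str]] = {
    ("project_manager", "programmer"), ("project_manager", "tester"),
    ("programmer", "project_member"), ("tester", "project_member"),
    ("programmer_private", "programmer"), ("tester_private", "tester"),
}
UA: Set[Tuple[str, str]] = {("alice", "project_manager"), ("bob", "tester_private")}
PA = {
    (("commit", "repo"), "programmer"), (("run", "test_suite"), "tester"),
    (("read", "wiki"), "project_member"), (("approve", "release"), "project_manager"),
}


def _reach(role: str, step: Callable[[str], Set[str]]) -> Set[str]:
    """Reflexive-transitive closure of `role` under `step` (direct neighbours)."""
    seen, frontier = {role}, [role]
    while frontier:
        current = frontier.pop()
        for nxt in step(current):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def seniors(role: str) -> Set[str]:
    """All r' with r' ≥ role."""
    return _reach(role, lambda r: {s for (s, j) in RH if j == r})


def juniors(role: str) -> Set[str]:
    """All r'' with r'' ≤ role."""
    return _reach(role, lambda r: {j for (s, j) in RH if s == r})


def direct_roles(user: str) -> Set[str]:
    return {r for (u, r) in UA if u == user}


def direct_members(role: str) -> Set[str]:
    return {u for (u, r) in UA if r == role}


def authorized_roles(user: str) -> Set[str]:
    """{r | ∃ r' ≥ r, (user, r') ∈ UA}: roles usable directly or by inheritance."""
    return {r for assigned in direct_roles(user) for r in juniors(assigned)}


def session_permissions(active: Set[str]) -> Set[Tuple[str, str]]:
    """∪_{r ∈ roles(s)} {p | ∃ r'' ≤ r, (p, r'') ∈ PA}."""
    return {p for (p, holder) in PA for r in active if holder in juniors(r)}


def common_seniors(a: str, b: str) -> Set[str]:
    """Roles senior to both a and b (empty means the two share no senior role)."""
    return seniors(a) & seniors(b)


def violates_exclusion(user: str, exclusive: Set[str], inherited: bool) -> Set[str]:
    """Roles of `exclusive` the user holds, if more than one. With inherited=True
    membership is judged on authorized (inherited) roles, otherwise on direct ones."""
    held = authorized_roles(user) if inherited else direct_roles(user)
    hit = held & exclusive
    return hit if len(hit) > 1 else set()


if __name__ == "__main__":
    shared = {"programmer", "tester"}
    private = {"programmer_private", "tester_private", "project_manager"}
    print(violates_exclusion("alice", shared, inherited=True))    # {'programmer', 'tester'}
    print(violates_exclusion("alice", private, inherited=True))   # set(): private roles are maximal
    print(common_seniors("programmer_private", "tester_private"))  # set()
    print(direct_members("tester"))   # set(): cardinality 0 on the shared role is satisfied
```

Declaring the exclusion on the private roles and giving the shared roles a cardinality of 0 makes both readings (direct and inherited membership) agree, which is the resolution the text attributes to private roles.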

ARBAC97 model

The ARBAC97 model is a role-based model for administering roles. It consists of three parts:
URA97: user-role assignment. This component concerns managing the user assignment relation UA, which associates users with roles. The right to modify this relation is controlled by administrative roles, so that members of an administrative role have the right to manage membership in regular roles. Assigning users to administrative roles is done outside URA97 and is assumed to be done by the security officer.
PRA97: permission-role assignment. This component concerns assigning permissions to roles and revoking them. From the role's point of view, users and permissions have similar characteristics, both being linked through roles to physical reality; PRA97 is therefore regarded as the dual of URA97.
RRA97: role-role assignment. To facilitate the management of roles, roles are classified. This component involves three classes of roles:
  1. Abilities: roles whose members can only be permissions and other abilities.
  2. Groups: roles whose members can only be users and other groups.
  3. UP-roles: roles that represent both users and permissions; there is no restriction on their members, which may be users, permissions, abilities, groups or other UP-roles.
The main reason for distinguishing these three classes is that different administrative models can be applied to establishing relationships between different kinds of roles. The first motivation is the treatment of abilities: an ability is a collection of permissions, and all the permissions in the collection can be assigned to a role as a unit. Similarly, a group is a collection of users, and all the users in the collection can be assigned to a role as a unit. Abilities and groups thus warrant classes of their own, separate from roles.
For a UP-role, whether an ability is a member is determined by whether the UP-role dominates the ability: if it does, the ability is a member, otherwise not. Conversely, if a UP-role is dominated by a group, that group is a member of the UP-role.
Research on the ARBAC97 administrative model continues: ability assignment and group assignment have been formalized, but the UP-role concept has not yet been formalized. [2]
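The URA97/PRA97 idea above, administrative roles controlling which regular roles may be changed, as an added Python example that is not part of the original article. The can_assign, can_revoke, can_assignp and can_revokep relations follow the URA97/PRA97 shape (administrative role, prerequisite condition, range of regular roles); this simplified version treats the prerequisite condition as a single role that the target must already hold, or None for no condition, and for PRA97 the condition applies to the roles the permission is already assigned to. Assignment of users to administrative roles is fixed in ADMIN_UA, as the text says it happens outside URA97. All names are constructed.

```python
from typing import Callable, List, Optional, Set, Tuple

Permission = Tuple[str, str]

# Regular RBAC state (constructed).
UA: Set[Tuple[str, str]] = {("bob", "employee")}
PA: Set[Tuple[Permission, str]] = {(("read", "wiki"), "employee")}
# Administrative role membership is set by the security officer, outside URA97.
ADMIN_UA: Set[Tuple[str, str]] = {("so_sam", "senior_security_officer"),
                                  ("admin_ann", "project_security_officer")}

Rule = Tuple[str, Optional[str], Set[str]]   # (admin role, prerequisite role or None, role range)
CAN_ASSIGN: List[Rule] = [
    ("project_security_officer", "employee", {"programmer", "tester"}),
    ("senior_security_officer", None, {"employee", "programmer", "tester", "project_manager"}),
]
CAN_REVOKE: List[Tuple[str, Set[str]]] = [
    ("project_security_officer", {"programmer", "tester"}),
    ("senior_security_officer", {"employee", "programmer", "tester", "project_manager"}),
]
# PRA97 duals: a permission may be given to a role in range if the prerequisite role already has it.
CAN_ASSIGNP: List[Rule] = [
    ("project_security_officer", "employee", {"programmer", "tester"}),
    ("senior_security_officer", None, {"employee", "programmer", "tester", "project_manager"}),
]
CAN_REVOKEP: List[Tuple[str, Set[str]]] = [("project_security_officer", {"programmer", "tester"})]


def admin_roles(admin: str) -> Set[str]:
    return {r for (a, r) in ADMIN_UA if a == admin}


def roles_of_user(user: str) -> Set[str]:
    return {r for (u, r) in UA if u == user}


def roles_of_perm(perm: Permission) -> Set[str]:
    return {r for (p, r) in PA if p == perm}


def _permitted(admin: str, rules: List[Rule], target_roles: Set[str], role: str) -> bool:
    """True if some rule grants one of admin's administrative roles authority over `role`
    and the target (user or permission) satisfies the rule's prerequisite condition."""
    held = admin_roles(admin)
    return any(ar in held and role in rng and (pre is None or pre in target_roles)
               for (ar, pre, rng) in rules)


def _in_range(admin: str, rules: List[Tuple[str, Set[str]]], role: str) -> bool:
    held = admin_roles(admin)
    return any(ar in held and role in rng for (ar, rng) in rules)


def may_assign_user(admin: str, user: str, role: str) -> bool:
    return _permitted(admin, CAN_ASSIGN, roles_of_user(user), role)


def may_assign_perm(admin: str, perm: Permission, role: str) -> bool:
    return _permitted(admin, CAN_ASSIGNP, roles_of_perm(perm), role)


def may_revoke_user(admin: str, role: str) -> bool:
    return _in_range(admin, CAN_REVOKE, role)


def may_revoke_perm(admin: str, role: str) -> bool:
    return _in_range(admin, CAN_REVOKEP, role)


def assign_user(admin: str, user: str, role: str) -> bool:
    """URA97 assignment: the administrative check decides; returns whether UA changed."""
    if not may_assign_user(admin, user, role):
        return False
    UA.add((user, role))
    return True


def revoke_user(admin: str, user: str, role: str) -> bool:
    if not may_revoke_user(admin, role) or (user, role) not in UA:
        return False
    UA.discard((user, role))
    return True


def assign_perm(admin: str, perm: Permission, role: str) -> bool:
    """PRA97 assignment, the dual of assign_user."""
    if not may_assign_perm(admin, perm, role):
        return False
    PA.add((perm, role))
    return True


def revoke_perm(admin: str, perm: Permission, role: str) -> bool:
    if not may_revoke_perm(admin, role) or (perm, role) not in PA:
        return False
    PA.discard((perm, role))
    return True
```

The project security officer can only place existing employees into the project roles, and can only hand those roles permissions that employees already have, so a compromised or careless project-level administrator cannot escalate anyone past the range the senior officer delegated.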

DRBAC

DRBAC is a distributed RBAC model for dynamic coalition environments.
DRBAC differs from earlier trust-management and RBAC approaches in that it supports three features:
1. Third-party delegation: if an entity is authorized to delegate an assignment, it can assign a role outside its own namespace.
2. Numeric attributes: access is regulated by a mechanism that adjusts the values of attributes associated with roles during the assignment process.
3. Assignment monitoring: the trust relationships established by delegation are continuously monitored through a publish/subscribe infrastructure, tracking the status of assignments so that they can be revoked.
DRBAC arose from the problem of controlling access to resources in a coalition environment. A "coalition environment" may be the militaries of several countries working together toward a common goal, or a few commercial partners. The defining characteristic of a coalition environment is the presence of multiple organizations or entities with no common trusted authority. In such a setting each entity must protect its own resources while also collaborating to share the part of those protected resources that the coalition needs. Internet-based network services have made this demand widespread and growing.
DRBAC combines the advantages of RBAC and of trust-management systems: flexible management together with a decentralized, scalable implementation. DRBAC expresses controlled behaviour in terms of roles; a role is defined within one entity's trust domain and can be delegated to roles in different trust domains. DRBAC uses PKI to identify all entities involved in sensitive operations and trust relationships and to validate delegation certificates. Mapping roles to the namespace of the authorizing entity avoids the need to recognize additional policy roots.
 

4 Permission configuration

Permission (license) configuration notes

The elements of role-based access control include the basic definitions of users, roles, permissions and so on.
In RBAC a user is a person who accesses data in a computer system, or some other subject represented by data. A role is an organizational task, job or position; it represents a right, a title and responsibilities. A permission (license, privilege) allows one or more operations to be executed on an object. A user may be authorized for multiple roles and a role may consist of multiple users; each role may have multiple permissions and each permission may be granted to multiple roles. Each operation may apply to multiple (controlled) objects, and each object may accept multiple operations.
The user table (USERS) includes the user ID, user name and login password. It is the set of all individual users of the system and changes dynamically as users are added and deleted.
The role table (ROLES) includes the role ID, role name, role cardinality and a flag for whether the role is available. It is the set of roles in the system, defined by the system administrator.
The object table (OBJECTS) includes the object ID and object name. It is the collection of all controlled objects in the system.
The operation table (OPERATIONS) includes the operation ID and operation name. It is the set of all operations the system performs on controlled objects.
The permission table (PERMISSIONS) includes the permission ID, permission name, controlled object and operation ID. It records the correspondence between controlled objects and operations.
The role/permission table includes the role ID and permission ID. The system administrator assigns permissions to roles, or revokes them, by managing the role/permission table.
The basic idea of RBAC is that a user's authorized access is usually determined by the role the user plays in an organization. RBAC grants permissions to roles and roles to users; users are not directly associated with permissions. Authorization is managed uniformly by the administrator: RBAC authorizes and controls access by role, authorization is imposed on the user according to the organization's requirements, and a user cannot pass access on to others on his own. This is a kind of non-discretionary, centralized access control. For example, in a hospital a doctor can prescribe by virtue of that role, but has no right to pass prescribing authority on to a nurse.
In RBAC, user identification and authentication are very useful for audit records, but the real access decision is made on the roles identified for the corresponding user. A necessary condition for a user to perform an access operation on an object is that the user is authorized for certain roles, one of which is active at the current time, and that role has the appropriate access right to the object. That is, RBAC takes the role as the subject of access control: which roles a user holds determine which resources the user can access and which operations the user can perform.
An ACL links the subject directly to the controlled object, whereas RBAC inserts the role in between, so that subject and object are connected through the role. The advantage of this layering is that when subjects change, only the association between subject and role needs to be modified, not the association between role and object.
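The tables described in this section realized relationally, as an added Python example that is not part of the original article. It uses the sqlite3 module from the standard library with an in-memory database; the table names follow the text (USERS, ROLES, OBJECTS, OPERATIONS, PERMISSIONS, ROLE_PERMISSIONS), while the USER_ROLES table, the hospital rows and the password placeholder are constructed for the example. The access check is a single join from user through role to operation and object, and honours the role's "available" flag.

```python
import sqlite3

SCHEMA = """
CREATE TABLE USERS (
    user_id       INTEGER PRIMARY KEY,
    user_name     TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL          -- salted hash of the login password, never the cleartext
);
CREATE TABLE ROLES (
    role_id     INTEGER PRIMARY KEY,
    role_name   TEXT UNIQUE NOT NULL,
    cardinality INTEGER,                 -- NULL = no cardinality limit
    available   INTEGER NOT NULL DEFAULT 1
);
CREATE TABLE OBJECTS (object_id INTEGER PRIMARY KEY, object_name TEXT UNIQUE NOT NULL);
CREATE TABLE OPERATIONS (operation_id INTEGER PRIMARY KEY, operation_name TEXT UNIQUE NOT NULL);
CREATE TABLE PERMISSIONS (
    permission_id   INTEGER PRIMARY KEY,
    permission_name TEXT UNIQUE NOT NULL,
    object_id       INTEGER NOT NULL REFERENCES OBJECTS(object_id),
    operation_id    INTEGER NOT NULL REFERENCES OPERATIONS(operation_id),
    UNIQUE (object_id, operation_id)     -- exactly one permission per (object, operation)
);
CREATE TABLE ROLE_PERMISSIONS (
    role_id       INTEGER NOT NULL REFERENCES ROLES(role_id),
    permission_id INTEGER NOT NULL REFERENCES PERMISSIONS(permission_id),
    PRIMARY KEY (role_id, permission_id)
);
CREATE TABLE USER_ROLES (                -- the UA relation (constructed; not named in the text)
    user_id INTEGER NOT NULL REFERENCES USERS(user_id),
    role_id INTEGER NOT NULL REFERENCES ROLES(role_id),
    PRIMARY KEY (user_id, role_id)
);
"""

ACCESS_QUERY = """
SELECT COUNT(*) FROM USERS u
JOIN USER_ROLES ur       ON ur.user_id = u.user_id
JOIN ROLES r             ON r.role_id = ur.role_id AND r.available = 1
JOIN ROLE_PERMISSIONS rp ON rp.role_id = r.role_id
JOIN PERMISSIONS pm      ON pm.permission_id = rp.permission_id
JOIN OBJECTS o           ON o.object_id = pm.object_id
JOIN OPERATIONS op       ON op.operation_id = pm.operation_id
WHERE u.user_name = ? AND op.operation_name = ? AND o.object_name = ?
"""


def grant(conn: sqlite3.Connection, role: str, permission: str) -> None:
    """Administrator action: add a row to the role/permission table (raises on unknown names)."""
    conn.execute(
        "INSERT INTO ROLE_PERMISSIONS (role_id, permission_id) VALUES ("
        "(SELECT role_id FROM ROLES WHERE role_name = ?), "
        "(SELECT permission_id FROM PERMISSIONS WHERE permission_name = ?))", (role, permission))


def revoke(conn: sqlite3.Connection, role: str, permission: str) -> None:
    conn.execute(
        "DELETE FROM ROLE_PERMISSIONS WHERE role_id = (SELECT role_id FROM ROLES WHERE role_name = ?) "
        "AND permission_id = (SELECT permission_id FROM PERMISSIONS WHERE permission_name = ?)",
        (role, permission))


def set_role_available(conn: sqlite3.Connection, role: str, available: bool) -> None:
    conn.execute("UPDATE ROLES SET available = ? WHERE role_name = ?", (1 if available else 0, role))


def can_access(conn: sqlite3.Connection, user: str, operation: str, obj: str) -> bool:
    """The user-role-permission-object chain decides; users are never linked to permissions directly."""
    return conn.execute(ACCESS_QUERY, (user, operation, obj)).fetchone()[0] > 0


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    # Constructed rows for the hospital example in the text.
    conn.executemany("INSERT INTO USERS (user_name, password_hash) VALUES (?, ?)",
                     [("dr_lee", "<placeholder-hash>"), ("nurse_kim", "<placeholder-hash>")])
    conn.executemany("INSERT INTO ROLES (role_name, cardinality) VALUES (?, ?)",
                     [("doctor", None), ("nurse", None)])
    conn.executemany("INSERT INTO OBJECTS (object_name) VALUES (?)", [("prescription",), ("patient_chart",)])
    conn.executemany("INSERT INTO OPERATIONS (operation_name) VALUES (?)", [("write",), ("read",)])
    conn.executemany(
        "INSERT INTO PERMISSIONS (permission_name, object_id, operation_id) VALUES (?, "
        "(SELECT object_id FROM OBJECTS WHERE object_name = ?), "
        "(SELECT operation_id FROM OPERATIONS WHERE operation_name = ?))",
        [("prescribe", "prescription", "write"), ("read_chart", "patient_chart", "read")])
    for role, perm in [("doctor", "prescribe"), ("doctor", "read_chart"), ("nurse", "read_chart")]:
        grant(conn, role, perm)
    conn.executemany(
        "INSERT INTO USER_ROLES (user_id, role_id) VALUES ("
        "(SELECT user_id FROM USERS WHERE user_name = ?), (SELECT role_id FROM ROLES WHERE role_name = ?))",
        [("dr_lee", "doctor"), ("nurse_kim", "nurse")])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_db()
    print(can_access(db, "dr_lee", "write", "prescription"))     # True
    print(can_access(db, "nurse_kim", "write", "prescription"))  # False: only the doctor role prescribes
```

Because there is no table linking users to permissions, the only way a nurse could gain prescribing rights is an administrator changing ROLE_PERMISSIONS or USER_ROLES, which is exactly the non-discretionary property the text describes.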
 

5 Features of the RBAC model

It meets the security management needs of all kinds of organizations. The RBAC model supports the principles of least privilege and separation of duties, which the management of any organization requires, giving the RBAC model broad application prospects.
The RBAC model supports the principle of data abstraction and the concept of inheritance. Since current mainstream programming languages support object-oriented techniques, this feature makes RBAC easy to implement in real systems.
The model's concepts correspond closely to real systems. Role, user and permission in the RBAC model are all entities that actually exist in real systems, which helps the designer build an RBAC model of an existing system or of one to be built.
The RBAC model is still a model of the access-matrix kind; it is essentially an extension of the access matrix model. It solves well the problems of distributing and controlling the access rights of subjects in a system, but it provides no information-flow control mechanism and so cannot fully meet all the security requirements of information systems.
Although some believe RBAC can be used to simulate lattice-based access control (LBAC), controlling information flow within a system with RBAC is not intuitive and requires support beyond the model. In chapter four, on the principle of information flow control, the reader will further appreciate this defect of the RBAC model.
The RBAC model provides no mechanism for controlling the order of operations. This flaw makes RBAC difficult to apply to systems that require entities to perform operations in a strict order, for example a shopping control system that must control the steps of a purchase: the customer should not be allowed to take the goods away before paying. RBAC requires such control mechanisms to be implemented outside the model.
The RBAC96 and ARBAC97 administrative models deliberately avoid some problems, such as whether a user is allowed to create a new session from within a session, or the management model's lack of support for adding and deleting users and permissions. These issues are left without support and are still under study, but the absence of these capabilities also affects the model and its application. The access matrix model, by contrast, provides functions for modifying users' access and permissions; the RBAC model therefore cannot be said to completely replace the access matrix model.
Original address: https://www.cnblogs.com/rongfengliang/p/3982011.html

Source: https://www.cnblogs.com/jpfss/p/11210631.html