What RBAC that?
Role-based access control (Role-Based Access Control) as the traditional access control (Discretionary Access, Mandatory Access) instead of promising received widespread attention.
In RBAC, permissions associated with the role, by becoming a member of the appropriate user roles and permissions to get those roles. Greatly simplifies administrative privileges.
RBAC support three well-known security principles: principle of least privilege principle of separation of duties, data abstraction principle .
(1) because RBAC can be configured to the user's role user to complete a minimum set of permissions required for the task.
(2) may be sensitive to jointly complete the task by calling the independent mutually exclusive roles.
(3) to reflect the principle of data abstraction by abstract rights. eg: abstract authority finance operating loans, deposits, etc., without actually operating system provides read, write, and execute permissions.
The focus is on the relationship between RBAC Role, and User, Permission of.
Become a User assignment (UA) and permission assignment (PA) relationship of both sides are Many-to-Many relationship. That many relationships.
a session element is more obscure in the RBAC. Each session is a mapping of a user to more role mappings. When a user activates all his characters a subset of, the establishment of a session. associated with each user and a single session, and each user can be associated with one or more session.
Group concept
In the RBAC system, User is actually playing the role (Role), can be used to replace Actor User. At the same time the Group introduced the concept of RBAC. Group can be seen as Actor. User will correspond to a specific person. Group introduced the concept of roles can solve the same people, you can also solve the problem of authorized organizations. ( RBAC in the Group and the Group GBAC different : GBAC used for the operating system, and his Group directly associated rights, in fact RBAC also draws on some of the concepts of GBAC.)