A Plain-Language Introduction to RBAC

Source: Internet
Author: User

RBAC has many models, the simplest of which is Core RBAC. Put plainly, it consists of three objects: User, Role, and Permission.

• A role has multiple operation permissions.

• An operation is available to a user once the user is assigned a role.

How can this be implemented in a program? Very simple.

First, we have a series of operations, such as open file, close file, and save file. In code, these are methods.

Then we have multiple roles, such as manager and worker.

The relationship between them is as follows, generally written in a configuration file or stored in a database.


When performing permission verification, check whether the user's role contains the permission for the requested action.

using System;
using System.Collections.Generic;

class Rbca
{
    // user name -> role name
    Dictionary<string, string> userToRole = new Dictionary<string, string>();
    // role name -> permissions granted to that role
    Dictionary<string, List<string>> roleToPermission = new Dictionary<string, List<string>>();

    public Rbca()
    {
        // Initialize manager permissions
        string manager = "manager";

        List<string> managerList = new List<string>();
        managerList.Add("OpenFile");
        managerList.Add("CloseFile");
        managerList.Add("SaveFile");

        // Initialize worker permissions
        string worker = "worker";

        List<string> workerList = new List<string>();
        workerList.Add("OpenFile");

        roleToPermission.Add(manager, managerList);
        roleToPermission.Add(worker, workerList);

        // Initialize the role of pixysoft
        string user = "pixysoft";
        userToRole.Add(user, manager);
    }

    public void OpenFile(string user)
    {
        // Check permissions; a user with no role is denied
        if (!userToRole.TryGetValue(user, out string role) ||
            !roleToPermission[role].Contains("OpenFile"))
            return;

        Console.Write("open file succeed!");
    }

    public void CloseFile(string user)
    {
        // Check permissions; a user with no role is denied
        if (!userToRole.TryGetValue(user, out string role) ||
            !roleToPermission[role].Contains("CloseFile"))
            return;

        Console.Write("closefile succeed!");
    }

    public void SaveFile(string user)
    {
        // Check permissions; a user with no role is denied
        if (!userToRole.TryGetValue(user, out string role) ||
            !roleToPermission[role].Contains("SaveFile"))
            return;

        Console.Write("SaveFile succeed!");
    }
}

This is a super simple RBAC, but it has no practical value. I will use the AOP idea to implement this permission system.
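The repeated per-method check above can be moved into a single enforcement point that wraps each operation. The following is an added example, not the author's code and not a full AOP framework: the names RbacGuard, Grant, Assign, IsAllowed and Run, and the sample user alice, are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Added example: class, method names and sample data are hypothetical.
class RbacGuard
{
    readonly Dictionary<string, string> userToRole = new Dictionary<string, string>();
    readonly Dictionary<string, HashSet<string>> roleToPermission =
        new Dictionary<string, HashSet<string>>();

    public void Grant(string role, params string[] permissions)
    {
        roleToPermission[role] = new HashSet<string>(permissions);
    }

    public void Assign(string user, string role)
    {
        userToRole[user] = role;
    }

    // Deny by default: an unknown user, an unknown role or a missing permission all fail.
    public bool IsAllowed(string user, string permission)
    {
        return userToRole.TryGetValue(user, out string role)
            && roleToPermission.TryGetValue(role, out HashSet<string> permissions)
            && permissions.Contains(permission);
    }

    // Single enforcement point: the operation runs only after the check passes.
    public void Run(string user, string permission, Action operation)
    {
        if (!IsAllowed(user, permission))
            throw new UnauthorizedAccessException(user + " lacks " + permission);
        operation();
    }
}

class Program
{
    static void Main()
    {
        var rbac = new RbacGuard();
        rbac.Grant("manager", "OpenFile", "CloseFile", "SaveFile");
        rbac.Grant("worker", "OpenFile");
        rbac.Assign("pixysoft", "manager");
        rbac.Assign("alice", "worker"); // constructed sample user

        rbac.Run("pixysoft", "SaveFile", () => Console.WriteLine("SaveFile succeed!"));
        try { rbac.Run("alice", "SaveFile", () => Console.WriteLine("SaveFile succeed!")); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

Raising an exception on denial, instead of returning silently as the original methods do, lets the caller log or audit the refused request.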

Analysis of RBAC Advantages and Disadvantages

Advantages:

• Easy-to-use and efficient authorization: When granting permissions, you only need to authorize the role and then assign the role to the user.

• Simple and efficient authorization model maintenance: Technically, maintaining the authorization model is simple and efficient because only the association model needs to be maintained.

Disadvantages:

• Complex permission verification: During permission verification, the rules must be traversed and evaluated repeatedly, which affects performance.

• Insufficient support for data permissions: There is no clear data permission model. The reconstructed data permission model already deviates somewhat from the RBAC model, and verifying data permissions is very inefficient.

