This article only discusses the differences between the two kinds of role-based access control and does not cover database design.
Role-based access control (RBAC) can be divided into implicit role access control and explicit role access control.
Implicit role access control: what actions a role is allowed to perform is never explicitly defined.
Explicit role access control: also known as "resource-based access control", because the granularity of this permission design is refined to the resource level. There are many kinds of resources, such as additions to and deletions from database tables, URLs, menus, buttons and so on.
Consider an example of implicit role access control:
    if (user.hasRole("Project Manager")) {
        // page displays a button
    } else {
        // page does not display a button
    }
If the requirement changes and another role should also see the button, then the above code must be changed to:
    if (user.hasRole("Project Manager") || user.hasRole("Department Manager")) {
        // page displays a button
    } else {
        // page does not display a button
    }
And if still more roles are added later, the condition has to be edited again each time; imagine how badly this kind of permission design holds up.
Now let's look at an example of explicit role access control (resource-based access control):
    if (user.isPermitted("projectreport:view:12345")) {
        // page displays a button
    } else {
        // page does not display a button
    }
If the requirement changes now, it is enough to add the "projectreport:view:12345" permission to the permission set of the corresponding role, which is much more convenient than modifying the source code as implicit role access control requires.
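The requirement change described above, as an added example (not code from the original article or from any particular framework): the call site names only the resource permission, and granting the button to another role is a data change. The role table, the "Auditor" role, the sample users, the grant() helper and the per-segment "*" wildcard are assumptions of this example.

```javascript
// Role -> permission grants are data, not code.
// Permission strings follow the page's "resource:action:instance" shape;
// "*" as a per-segment wildcard is an assumption of this example.
const rolePermissions = new Map([
  ["Project Manager", new Set(["projectreport:view:12345"])],
  ["Department Manager", new Set()],              // no grants yet
  ["Auditor", new Set(["projectreport:view:*"])], // hypothetical role
]);

// True when a granted pattern covers the requested permission.
function implies(granted, requested) {
  const g = granted.split(":");
  const r = requested.split(":");
  if (g.length !== r.length) return false;        // no implicit broadening
  return g.every((part, i) => part === "*" || part === r[i]);
}

// Deny by default: unknown roles and missing grants yield false.
function isPermitted(user, permission) {
  return user.roles.some((role) => {
    const grants = rolePermissions.get(role);
    return grants !== undefined &&
      [...grants].some((g) => implies(g, permission));
  });
}

// Call site from the page: it names the resource, never a role.
function showReportButton(user) {
  return isPermitted(user, "projectreport:view:12345");
}

// Requirement change: edit the role's permission set, not the call site.
function grant(role, permission) {
  if (!rolePermissions.has(role)) rolePermissions.set(role, new Set());
  rolePermissions.get(role).add(permission);
}

// Constructed sample users.
const pm = { name: "alice", roles: ["Project Manager"] };
const dm = { name: "bob", roles: ["Department Manager"] };

const before = showReportButton(dm);
grant("Department Manager", "projectreport:view:12345");
const after = showReportButton(dm);
console.log({ pm: showReportButton(pm), dmBefore: before, dmAfter: after });
```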
Reference article: http://www.thinksaas.cn/topics/0/150/150841.html
RBAC: role-based access control