Is there any open-source, PHP based
, role-based access control system that can be used for CodeIgniter
?
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC ensures employees access only information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.
Technical – assigned to users that perform technical tasks. Administrative – access for users that perform administrative tasks.
3 Primary Rules for RBAC:Role assignment: A user can exercise a permission only if the subject has been assigned a role. Role-based authorization: A user's active role must be authorized. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
Benefits of RBAC Security: RBAC improves overall security as it relates to compliance, confidentiality, privacy, and access management to resources and other sensitive data and systems. Selective access: RBAC systems can support users having multiple roles at the same with specific permissions for each role.
Maybe I'm misunderstanding the question, but isn't the whole point of Role-Based Access Control (RBAC) to avoid Access Control Lists (ACLs)?
RBAC differs from access control lists (ACLs) (...) in that it assigns permissions to specific operations with meaning in the organization, rather than to low-level data objects. For example, an access control list could be used to grant or deny write access to a particular system file, but it would not say in what ways that file could be changed. In an RBAC-based system, an operation might be to create a 'credit account' transaction in a financial application (...). The assignment of permission to perform a particular operation is meaningful because the operations are fine-grained and themselves have meaning within the application. (Quote: Wikipedia)
I don't know the specifics on Zend_ACL or the other implementations mentioned, but if they are ACL-based, I would not recommend using them for role-based authorization.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With