 

Role Based Access Control

Is there any open-source, PHP based, role-based access control system that can be used for CodeIgniter?

jerichorivera asked Sep 22 '08




1 Answer

Maybe I'm misunderstanding the question, but isn't the whole point of Role-Based Access Control (RBAC) to avoid Access Control Lists (ACLs)?

RBAC differs from access control lists (ACLs) (...) in that it assigns permissions to specific operations with meaning in the organization, rather than to low-level data objects. For example, an access control list could be used to grant or deny write access to a particular system file, but it would not say in what ways that file could be changed. In an RBAC-based system, an operation might be to create a 'credit account' transaction in a financial application (...). The assignment of permission to perform a particular operation is meaningful because the operations are fine-grained and themselves have meaning within the application. (Quote: Wikipedia)

I don't know the specifics on Zend_ACL or the other implementations mentioned, but if they are ACL-based, I would not recommend using them for role-based authorization.

Jens Roland answered Oct 10 '22
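An added example (not code from the question or from Jens Roland's answer, and not CodeIgniter's own API) of the distinction the answer draws, written in PHP because the question is about a PHP framework. An ACL answers "may this user write this object?"; the RBAC below answers "may this user perform this named operation?", with the operation names, role names, users and the `Rbac` class all made up for illustration. Everything not explicitly granted is denied, and a check against an operation nobody defined fails loudly rather than quietly returning false, so a typo in a permission string cannot pass as a deny.

```php
<?php
declare(strict_types=1);

// Added example, not from the question or the answer and not CodeIgniter code.
// Operations are named actions with meaning in the application (the answer's
// "create a credit account transaction"), roles are sets of operations, and
// users hold roles. Application code asks only about operations, never roles,
// so adding a new role later needs no code change.
final class Rbac
{
    /** @var array<string, true> every operation the application defines */
    private array $operations = [];

    /** @var array<string, array<string, true>> role => set of operations */
    private array $rolePermissions = [];

    /** @var array<string, array<string, true>> user => set of roles */
    private array $userRoles = [];

    public function defineOperation(string $operation): void
    {
        $this->operations[$operation] = true;
    }

    public function grant(string $role, string $operation): void
    {
        // A grant for an undefined operation is a setup bug: fail at setup
        // time instead of silently denying at request time.
        if (!isset($this->operations[$operation])) {
            throw new InvalidArgumentException("unknown operation: $operation");
        }
        $this->rolePermissions[$role][$operation] = true;
    }

    public function assign(string $user, string $role): void
    {
        if (!isset($this->rolePermissions[$role])) {
            throw new InvalidArgumentException("unknown role: $role");
        }
        $this->userRoles[$user][$role] = true;
    }

    /** The only question application code asks. Deny by default. */
    public function can(string $user, string $operation): bool
    {
        if (!isset($this->operations[$operation])) {
            // Checking an undefined operation is a programming error; turning
            // it into a plain "deny" would hide the bug.
            throw new InvalidArgumentException("unknown operation: $operation");
        }
        foreach (array_keys($this->userRoles[$user] ?? []) as $role) {
            if (isset($this->rolePermissions[$role][$operation])) {
                return true;
            }
        }
        return false;
    }
}

// Constructed setup following the answer's financial-application example.
$rbac = new Rbac();
foreach (['credit_account.create', 'credit_account.view', 'ledger.close'] as $op) {
    $rbac->defineOperation($op);
}
$rbac->grant('teller', 'credit_account.create');
$rbac->grant('teller', 'credit_account.view');
$rbac->grant('auditor', 'credit_account.view');
$rbac->grant('controller', 'ledger.close');

$rbac->assign('alice', 'teller');
$rbac->assign('bob', 'auditor');
$rbac->assign('bob', 'controller');   // one user may hold several roles

// The RBAC question is phrased in terms of the operation, not a file or row.
foreach ([
    ['alice', 'credit_account.create'],
    ['bob',   'credit_account.create'],
    ['bob',   'ledger.close'],
    ['carol', 'credit_account.view'],   // carol holds no role at all
] as [$user, $op]) {
    printf("%s may %s: %s\n", $user, $op, $rbac->can($user, $op) ? 'yes' : 'no');
}

// The ACL equivalent, "may alice write accounts.db?", would say nothing about
// which of the operations on that data she is allowed to perform.
```

In a CodeIgniter controller the call site would be `$rbac->can($currentUser, 'credit_account.create')` at the top of the action; the thing to avoid is `if ($role === 'admin')` scattered through controllers, which is exactly the coupling to low-level identifiers that the answer warns about.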