
Core RBAC support

rcosnita edited this page Sep 28, 2011 · 14 revisions

Core RBAC Introduction

In this document you can find all the information about the Core RBAC components and the way they will be implemented in this project. Some of the information found here is taken from the RBAC standard proposal published by NIST (http://www.nist.gov).

Overview

Core RBAC overview

RBAC Requirements

RBAC Core Requirements #1

RBAC Core Requirements #2

Each RBAC compliant implementation must support all the mathematical formulas shown in the requirement figures above (RBAC Core Requirements #1 and #2).

RBAC ERD

In this section you can find the high-level entities and the relations between them. This data model supports all the RBAC core requirements.

Core RBAC data model

RBAC Core Functional Requirements

  1. System must provide support for managing users (creating and deleting them).
  2. System must provide support for managing roles.
  3. System must provide support for managing objects.
  4. System must provide support for managing operations.
  5. System must provide support for managing permissions, each permission being a set of (operation, object) pairs.
  6. System must provide support for assigning users to roles (and for removing such assignments).
  7. System must provide support for obtaining all users assigned to a role.
  8. System must provide support for granting permissions to roles (and for revoking them).
  9. System must provide support for obtaining all permissions granted to a role.
  10. System must provide support for obtaining all operations contained in a permission.
  11. System must provide support for obtaining all objects contained in a permission.
  12. System must provide support for starting a new user session, optionally with an initial set of active roles taken from the roles assigned to that user.
  13. System must provide support for stopping a user session.
  14. System must provide support for obtaining all sessions belonging to a user.
  15. System must provide support for obtaining all active roles of a specified session.
  16. System must provide support for obtaining all permissions available within a specified session, i.e. the union of the permissions of its active roles.
  17. System must provide support for activating a role in a session; only roles assigned to the session's user may be activated.
  18. System must provide support for deactivating a role in a session.
  19. System must provide support for checking whether a given operation on a given object is permitted within a session (the access decision); only the session's active roles count.

Examples

The terminology used in the RBAC standard can be confusing, so this section lists possible candidates for each component of Core RBAC within the ecommerce domain:

  1. User
    • A visitor might be a user.
    • A customer might be a user.
    • An administrator might be a user.
    • A crawler belonging to a product search engine might be a user.
  2. Role
    • Anonymous
    • Customer
    • Customer with PayPal
    • Customer with Credit Card
    • Customer with Amazon Gift Card
  3. Object
    • A product
    • A web page
    • A portlet
    • A service
    • A URL
    • A credit card
    • A PayPal account
  4. Operations
    • View
    • Pay by
    • Give
    • Offer
    • Validate
  5. Permissions
    • View page
    • View portlet
    • Pay by credit card
    • Pay by PayPal
    • Give discounts
    • Offer phone support
    • Validate order
    • View invoices

The examples above should clarify the domain model created for the RBAC core requirements: a permission such as "Pay by credit card" is the operation "Pay by" applied to the object "credit card", and it only takes effect for a user whose session has activated a role (for example "Customer with Credit Card") that holds it.
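The functional requirements listed above, exercised with the ecommerce vocabulary from this Examples section, as one small in-memory implementation. This is an added example and not code from this project's wiki or repository: the class and method names (CoreRBAC, check_access and so on), the sample users alice and bob, and the RBACError exception are this example's own assumptions. The data sets follow the NIST Core RBAC model: permissions are sets of (operation, object) pairs, UA is the user-to-role assignment, PA is the permission-to-role assignment, and every session carries a subset of its user's assigned roles as active roles.

```python
from collections import defaultdict


class RBACError(Exception):
    """Raised when a command would violate a Core RBAC invariant (example's own)."""


class CoreRBAC:
    """In-memory Core RBAC reference monitor (example code, not the project's)."""

    def __init__(self):
        self.users, self.roles, self.objects, self.operations = set(), set(), set(), set()
        self.permissions = defaultdict(set)   # PRMS: name -> set of (op, obj) pairs
        self.user_roles = defaultdict(set)    # UA: user -> assigned roles
        self.role_perms = defaultdict(set)    # PA: role -> permission names
        self.sessions, self._next_session = {}, 1   # SESSIONS: id -> (user, active roles)

    # Requirements 1-5: administrative commands
    def add_user(self, user): self.users.add(user)
    def add_role(self, role): self.roles.add(role)
    def add_object(self, obj): self.objects.add(obj)
    def add_operation(self, op): self.operations.add(op)

    def add_permission(self, name, op, obj):
        if op not in self.operations or obj not in self.objects:
            raise RBACError("unknown operation or object: %r on %r" % (op, obj))
        self.permissions[name].add((op, obj))   # a permission is a set of (op, obj) pairs

    def delete_user(self, user):
        for sid in self.user_sessions(user):    # a session must never outlive its user
            self.delete_session(sid)
        self.user_roles.pop(user, None)
        self.users.discard(user)

    # Requirements 6-11: assignments and review functions
    def assign_user(self, user, role):
        if user not in self.users or role not in self.roles:
            raise RBACError("unknown user or role: %r, %r" % (user, role))
        self.user_roles[user].add(role)

    def grant_permission(self, role, perm):
        if role not in self.roles or perm not in self.permissions:
            raise RBACError("unknown role or permission: %r, %r" % (role, perm))
        self.role_perms[role].add(perm)

    def assigned_users(self, role): return {u for u, rs in self.user_roles.items() if role in rs}
    def role_permissions(self, role): return set(self.role_perms[role])
    def permission_operations(self, perm): return {op for op, _ in self.permissions[perm]}
    def permission_objects(self, perm): return {obj for _, obj in self.permissions[perm]}

    # Requirements 12-18: sessions and active roles
    def create_session(self, user, active_roles=()):
        if user not in self.users or not set(active_roles) <= self.user_roles[user]:
            raise RBACError("%r may only activate roles assigned to it" % user)
        sid, self._next_session = self._next_session, self._next_session + 1
        self.sessions[sid] = (user, set(active_roles))
        return sid

    def delete_session(self, sid): del self.sessions[sid]
    def user_sessions(self, user): return {s for s, (u, _) in self.sessions.items() if u == user}
    def session_roles(self, sid): return set(self.sessions[sid][1])
    def session_permissions(self, sid):
        return set().union(*(self.role_perms[r] for r in self.sessions[sid][1]))

    def add_active_role(self, sid, role):
        user, active = self.sessions[sid]
        if role not in self.user_roles[user]:   # activation is bounded by UA
            raise RBACError("%r is not assigned to %r" % (role, user))
        active.add(role)

    def drop_active_role(self, sid, role): self.sessions[sid][1].discard(role)

    # Requirement 19: the access decision; only *active* roles of the session count
    def check_access(self, sid, op, obj):
        return any((op, obj) in self.permissions[p] for p in self.session_permissions(sid))


def build_shop():
    """Constructed sample data using the ecommerce names from the Examples section."""
    shop = CoreRBAC()
    for u in ("alice", "bob"): shop.add_user(u)
    for r in ("Customer", "Customer with Credit Card"): shop.add_role(r)
    for o in ("product page", "credit card"): shop.add_object(o)
    for op in ("View", "Pay by"): shop.add_operation(op)
    shop.add_permission("View page", "View", "product page")
    shop.add_permission("Pay by credit card", "Pay by", "credit card")
    shop.grant_permission("Customer", "View page")
    shop.grant_permission("Customer with Credit Card", "Pay by credit card")
    shop.assign_user("bob", "Customer")
    for r in ("Customer", "Customer with Credit Card"): shop.assign_user("alice", r)
    return shop


def checkout_demo():
    """Least privilege: the payment role is active only while alice is paying."""
    shop = build_shop()
    sid = shop.create_session("alice", ["Customer"])
    before = shop.check_access(sid, "Pay by", "credit card")
    shop.add_active_role(sid, "Customer with Credit Card")
    during = shop.check_access(sid, "Pay by", "credit card")
    shop.drop_active_role(sid, "Customer with Credit Card")
    after = shop.check_access(sid, "Pay by", "credit card")
    return before, during, after
```

Three places carry the security-relevant checks: add_active_role and create_session refuse any role that is not in the user's UA entry, so a session can never escalate beyond what the administrator assigned; check_access consults only the session's active roles, which is why checkout_demo returns (False, True, False) as the payment role is activated and dropped again; and delete_user terminates the user's sessions before removing the user, so no live session keeps the privileges of an account that no longer exists. A real deployment would keep the sets in the database described by the ERD above rather than in process memory, but the decision logic stays the same.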
