RBAC question

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

RBAC question

Postby alikim » Thu Oct 09, 2008 2:26 pm

Hi,

I'm very new to RBAC so any help, links or examples will be appreciated...

My implementation of RBAC now works as follows:

When a site visitor submits a form, say with his personal data, he starts an action i.e. person_update.

Judging by the visitors and the person's ids the visitor is assigned a role, say 'owner' and gets permission to update the record.

Also, this action person_update can be started by somebody who has a role of 'admin' or 'moderator'.

The problem is that 'owner' can not change some DB record fields like his own login name and 'admin' or 'moderator' can. So I somehow need to get control over a particular DB field.

So the question is: is it possible to do inside RBAC model by creating new roles/actions and without implementing CRUD matrix for each field in DB?

Thank you,
alikim
 
Posts: 1
Joined: Thu Oct 09, 2008 2:20 pm

Re: RBAC question

Postby grsuser » Mon Jun 22, 2009 8:28 pm

creating new roles/actions is good idea, but I think it is not easy for RBAC by now.
grsuser
 
Posts: 1
Joined: Mon Jun 22, 2009 8:24 pm


Return to RBAC policy development