Reputation: 167
I'm developing a generic user management system using role-based access control (RBAC), where I couldn't distinguish between the operations table and the permissions table (that is, after reading so many articles).
"A subject can have multiple roles. A role can have multiple subjects. A role can have many permissions. A permission can be assigned to many roles. An operation can be assigned many permissions. A permission can be assigned to many operations."
en.wikipedia.org/wiki/Role-based_access_control
Can anyone please give a simple example to distinguish between them?
Upvotes: 8
Views: 3487
Reputation: 318
In RBAC a permission is a mapping between objects and operations.
For example:
customer123 <--- this is an object
read, write, update, delete <--- these are operations
and these are the possible permissions:
customer123.read, customer123.write, customer123.update, customer123.delete
In RBAC, the permissions are then granted to roles. So one role might be:
Users
and have been granted customer123.read
and another role might be:
Admins
which have been granted permissions customer123.write, customer123.update
and so on
Upvotes: 1
Reputation: 1
Permission - An approval of a mode of access to a resource.
Resource - System object or operation that requires restricted access.
Upvotes: 0
Reputation:
The RBAC standard doesn't refer to operations, but only deals with users, roles, and permissions. I suppose that the operations you're referring to are part of the specific implementation you're using. They probably are the way resources are implemented in your solution.
A permission is what is needed to execute/access a resource. Permissions are assigned to roles, and resources require a set of permissions.
Let's take, for example, the case of a simple till management system. There are many users (the store's employees), and many roles, including cashier operator. That role gives the users one permission, scan items. Such permission is required by the operation item.scan(), and also by the operation item.cancel().
Upvotes: 2
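The till case from the answer above as separate permission and operation tables, with a deny-by-default check that an operation's whole required permission set is held. This is an added example, not code from any of the posts; the table and column names, the subjects alice and bob, the stock clerk role, and the till.open() operation are constructed assumptions.

```python
import sqlite3

# Constructed schema and sample rows; all table/column names are assumptions.
SCHEMA = """
CREATE TABLE subject_role(subject TEXT, role TEXT);
CREATE TABLE role_permission(role TEXT, permission TEXT);
CREATE TABLE operation_permission(operation TEXT, permission TEXT);
INSERT INTO subject_role VALUES
  ('alice', 'cashier operator'), ('bob', 'stock clerk');
INSERT INTO role_permission VALUES
  ('cashier operator', 'scan items'), ('stock clerk', 'count stock');
-- One permission can cover several operations; one operation can need several.
INSERT INTO operation_permission VALUES
  ('item.scan()', 'scan items'), ('item.cancel()', 'scan items'),
  ('till.open()', 'scan items'), ('till.open()', 'open till');
"""

def connect():
    """Build the in-memory database holding the sample RBAC data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def permissions_of(db, subject):
    """Permissions a subject holds through all of its roles."""
    rows = db.execute(
        "SELECT DISTINCT rp.permission FROM subject_role sr "
        "JOIN role_permission rp ON rp.role = sr.role WHERE sr.subject = ?",
        (subject,))
    return {r[0] for r in rows}

def can_execute(db, subject, operation):
    """True only if the subject holds every permission the operation requires."""
    required = {r[0] for r in db.execute(
        "SELECT permission FROM operation_permission WHERE operation = ?",
        (operation,))}
    # Deny by default: an operation with no registered permissions is refused.
    if not required:
        return False
    return required <= permissions_of(db, subject)
```

Roles are never consulted in `can_execute` directly: the role only decides which permissions a subject holds, and the operation only declares which permissions it needs.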