Reputation: 117
I'm developing a generic access control system that can be used by many others. I'm reading through the literature and I'm modeling it as a flat RBAC (role-based access control) loosely based on csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf.
I wanted to know if there are good open-source implementations of this that I can take a look at. My concerns here are not to look at the backend storage aspect of this, but more about design aspects for an access control system.
I know the UNIX model is a very good way to look at it but I'm not sure if it can map to this system. I think the tricky part is to build it as a generic system which doesn't exactly have a lot of requirements.
Upvotes: 0
Views: 43
Reputation: 5721
You need to be more specific about the resource you are trying to regulate your access to. The canonical way in UNIX is to use users and groups. In general it does the trick but oftentimes is not very convenient to use (for example, one has to take extra steps to ensure that the group ID of a newly created file is set to a specific ID of many).
For general-purpose flexible (sometimes too flexible) access control on a per-user per-application per-file basis, there is SELinux.
For something less involved but still more flexible than traditional file access modes, there are ACLs.
Upvotes: 1
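A minimal sketch of the flat RBAC core the question refers to, added here as an illustration and not taken from the thread or from any existing project: many-to-many user-role and permission-role assignment, user-role review in both directions, and sessions that activate several roles at once. The class and method names, the in-memory sets, and the choice to re-check assignments on every access are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    operation: str  # e.g. "read"
    obj: str        # e.g. "ledger"

class FlatRBAC:
    """Users never hold permissions directly; every grant goes through a role."""
    def __init__(self):
        self.ua = set()  # user-role assignment, many-to-many: (user, role)
        self.pa = set()  # permission-role assignment, many-to-many: (role, Permission)

    def assign_user(self, user, role):
        self.ua.add((user, role))

    def deassign_user(self, user, role):
        self.ua.discard((user, role))

    def grant(self, role, operation, obj):
        self.pa.add((role, Permission(operation, obj)))

    # User-role review: both directions must be answerable.
    def roles_of(self, user):
        return {r for u, r in self.ua if u == user}

    def users_of(self, role):
        return {u for u, r in self.ua if r == role}

    def open_session(self, user, roles=None):
        """Activate all assigned roles, or a requested subset of them."""
        assigned = self.roles_of(user)
        active = assigned if roles is None else set(roles)
        if not active <= assigned:
            raise PermissionError(f"{user} is not assigned {sorted(active - assigned)}")
        return Session(self, user, frozenset(active))

class Session:
    def __init__(self, rbac, user, active_roles):
        self.rbac, self.user, self.active_roles = rbac, user, active_roles

    def check(self, operation, obj):
        """Deny by default; allow if any active, still-assigned role has the permission."""
        # Design assumption: re-check UA on every call so revocation hits live sessions.
        live = self.active_roles & self.rbac.roles_of(self.user)
        wanted = Permission(operation, obj)
        return any((role, wanted) in self.rbac.pa for role in live)
```

Because the resource is only an (operation, object) pair, the same core can sit in front of files, API endpoints or database rows; storage and role hierarchies are left out on purpose.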