Reputation: 183
Why we need permission on RBAC?
I looking for RBAC for laravel, then i found something like sentinel, entrust, etc...
RBAC usually have 5 table like users, user_role, roles, role_permission, permissions.
If permissions depend on roles, why we not just check the roles, and delete that permissions table ?
Upvotes: 2
Views: 334
Answers (1)
Reputation: 31153
You surely could get rid of permissions altogether, but you would still have to have them somewhere. Otherwise the roles would just degrade to permissions with another name.
Roles can have multiple permissions and users belong to roles. The code will still usually check for permissions, like "can edit settings", "can save" and the roles are just a grouping of permissions. For example, administrator can edit settings and save files.
If you only had roles, you would have to code the permissions in. Your code would say in every save point "is the user in role X or Y or Z?" and adding new roles would require adding them to code. So basically the roles would be pointless.
Upvotes: 3
Related Questions
- Laravel RBAC (Role Based Access Control) Model Relationship
- Laravel 5 role based access control
- Role Based Access Control MySql Implementation
- laravel users with several roles having several permissions
- Yii Role Based Access Control
- Yii Framework 2.0 Role Based Access Control RBAC
- Laravel RBAC different behaviours
- Yii2 - RBAC, Difference between Roles and Permissions
- Advanced Role-Based Access Control
- What is the reason for having authorization rules in the database?