[rsbac] Resources and Enhanced Role Compatibility

Jörg Lübbert rsbac@rsbac.org
Tue Oct 29 08:51:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Amon Ott schrieb:
> I would rather make the extra functionality optional in RC to avoid dou=
bled 
> maintenance:
> 
> - Hierarchical roles: subroles have (one or more) parent roles' rights =

> additional to own rights
> 
> - Hierarchical types: rights to subtypes are add by rights to (one or m=
ore) 
> parent type(s).

Sounds good to me :)

> We might make a config contest for the most difficult RC setup, which s=
till 
> works... ;)

And so does this. :)

How about making the RC module sensitive to linked libraries of a 
binary? Each linked library could add another set of predefined rc roles 
to the final binaries role access right set while still making sure that 
a predefined maximum access right role for that binary is not exceeded, 
which of course relies on a predefined maximum access right role that is 
mapped to the users ID? ;=)

- - Jörg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9vbPF4+zGoVB1iK8RAlXXAJ9FbjGgno+qDaZL1Eu5nfuyBPZanQCgq0WQ
M2o0KrxTV6bmKhFKsuAHR4I=8O2c
-----END PGP SIGNATURE-----