[rsbac] About ACCESS_CONTROL and SUPERVISOR rights

Javier J. Martínez Cabezón tazok.id0 at gmail.com
Sat Jan 10 18:54:59 CET 2009


Hi I only need confirmation about one concept. If I didn't
missunderstand the concept:

If I have one rol named gerency_r that admin the roles Technician_r,
nurses_r and Doctor_r, Technician_r has write_only rights to
patient_data_t type, Doctor_r has read-write access granted to it and
nurses_r only read-only.
 If secoff grants ACCESS_CONTROL right to patient_data to rol
gerency_r then gerency_r could add or remove standard DAC rights
access to all data from this type involving this three roles isn't it?
 If secoff grants SUPERVISOR right to patient_data type to rol
gerency_r then gerency_r could add or remove any RSBAC rights access
to this type involving this three roles. Is this correct?


More information about the rsbac mailing list