[rsbac] About ACCESS_CONTROL and SUPERVISOR rights

Amon Ott ao at rsbac.org
Mon Jan 12 15:24:15 CET 2009


On Saturday 10 January 2009, Javier J. Martínez Cabezón wrote:
> If I have one role named gerency_r that administers the roles Technician_r,
> nurses_r and Doctor_r, Technician_r has write_only rights to
> patient_data_t type, Doctor_r has read-write access granted to it and
> nurses_r only read-only.
> If secoff grants ACCESS_CONTROL right to patient_data to role
> gerency_r then gerency_r could add or remove standard DAC rights
> access to all data from this type involving these three roles, couldn't it?

ACCESS_CONTROL is for granting normal RSBAC rights.

DAC rights would be MODIFY_PERMISSIONS_DATA and CHANGE_OWNER.

> If secoff grants SUPERVISOR right to patient_data type to role
> gerency_r then gerency_r could add or remove any RSBAC rights access
> to this type involving these three roles. Is this correct?

SUPERVISOR allows setting or revoking the RC special rights like ACCESS_CONTROL
or SUPERVISOR itself.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
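
Added example, not part of the original message and not RSBAC code: a simplified Python model of the rule in the reply above, where changing a normal right on a type needs ACCESS_CONTROL on that type and changing a special right needs SUPERVISOR. The admin-role check is taken from the question's premise; the class and function names and the subset of rights listed are assumptions.

```python
# Simplified model of the rule in the reply above; not RSBAC code.
# Names and the subset of rights listed here are assumptions for illustration.
NORMAL_RIGHTS = {"READ", "WRITE", "MODIFY_PERMISSIONS_DATA", "CHANGE_OWNER"}
SPECIAL_RIGHTS = {"ACCESS_CONTROL", "SUPERVISOR"}  # the two named in the thread


class RCModel:
    def __init__(self):
        self.rights = {}       # (role, type) -> set of rights held on that type
        self.admin_roles = {}  # role -> set of roles it administers

    def held(self, role, type_):
        return self.rights.setdefault((role, type_), set())

    @staticmethod
    def gate_for(right):
        """Special right the acting role needs in order to change `right`."""
        if right in NORMAL_RIGHTS:
            return "ACCESS_CONTROL"
        if right in SPECIAL_RIGHTS:
            return "SUPERVISOR"
        raise ValueError(f"unknown right: {right}")

    def may_change(self, actor, target, type_, right):
        # Assumption taken from the question's premise: the actor administers
        # the target role. The two special rights are modelled as independent.
        if target not in self.admin_roles.get(actor, set()):
            return False
        return self.gate_for(right) in self.held(actor, type_)

    def set_right(self, actor, target, type_, right, grant=True):
        if not self.may_change(actor, target, type_, right):
            raise PermissionError(
                f"{actor} may not change {right} for {target} on {type_}")
        rights = self.held(target, type_)
        rights.add(right) if grant else rights.discard(right)


def hospital():
    """The question's scenario, before secoff grants anything to gerency_r."""
    m = RCModel()
    m.admin_roles["gerency_r"] = {"Technician_r", "nurses_r", "Doctor_r"}
    m.held("Technician_r", "patient_data_t").add("WRITE")
    m.held("Doctor_r", "patient_data_t").update({"READ", "WRITE"})
    m.held("nurses_r", "patient_data_t").add("READ")
    return m
```
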

