[rsbac] CAP learning mode and RC learning mode
Amon Ott
ao at rsbac.org
Tue Sep 29 16:03:54 CEST 2009
On Tuesday 29 September 2009 wrote Javier J. Martínez Cabezón:
> Hi amon, thanks for your answer and thanks for CAP learning mode, in
> RC learning mode users should take it just as a starting point after
> analize their system and setting the necessary roles and types and we
> could advice it, RC learning mode will add necessary rights to the new
> created role to the necessary types (it will save a lot of time of
> review logs looking for DENIED AEF answers). We could add an advise to
> the user to be careful with the policies generated at this way.
Just had the idea that RC learning mode could be enabled per role, so you will
only mess up single roles. E.g. create a new role and let it learn the rights
to your existing types.
Although it is a lot of work to review the logs and set rights, I decide per
single right whether it should be granted or not, and whether I need a new
type or role. So this learning mode is really not going to provide a good
setup, but at least a working system.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list