[rsbac] New to RSBAC
Michal Purzynski
michal at rsbac.org
Mon Feb 15 10:48:31 CET 2010
Am niedziela 14 luty 2010 schrieb Javier J. Martínez Cabezón:
> 2010/2/14 Louis Bateman <lbateman07 at gmail.com>:
> >> RC with ACL is special: here ACL is considered as an extension for
> >> special cases, but I have never needed that in real life.
> >
> > I'm not sure what you mean here? It is my understanding that RC needs the
> > ACL module...the way the RC model is useful is by assigning permissions
> > for roles to types...and this is only with the RC + ACL model?
> >
> > Or is that functionality intrinsic to the RC model and just has the same
> > permissions avalable as the ACL model, and the ACL model is quite
> > separate?
>
> RC and ACL works in a independent way. Every model has this "requests"
> available. Some of them (as MAC) has some hardcoded, other not.
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
EVERY model in RSBAC is completely separate and can work independently from
others, on his own. You could even choose one only of them and use it - no
problem.
RC has requests, targets, objects. It works like
Subject -> (requests) -> object
where objects are RC types - created and managed just for RC module.
ACL is another story and not frequently used. That's something you can use for
some special corner cases. Anyway, it is a really great module!
Before you ask - if the same access will be under policy of more than one
module, ALL of them have to grant it (or return they don't care) - or it will
be denied.
Michal Purzynski
More information about the rsbac
mailing list