[rsbac] New to RSBAC

Michal Purzynski michal at rsbac.org
Mon Feb 15 10:48:31 CET 2010


On Sunday, 14 February 2010, Javier J. Martínez Cabezón wrote:
> 2010/2/14 Louis Bateman <lbateman07 at gmail.com>:
> >> RC  with ACL is special: here ACL is considered as an extension for
> >> special cases, but I have never needed that in real life.
> >
> > I'm not sure what you mean here? It is my understanding that RC needs the
> > ACL module...the way the RC model is useful is by assigning permissions
> > for roles to types...and this is only with the RC + ACL model?
> >
> > Or is that functionality intrinsic to the RC model and just has the same
> > permissions available as the ACL model, and the ACL model is quite
> > separate?
>
> RC and ACL work in an independent way. Every model has these "requests"
> available. Some of them (such as MAC) have some hardcoded, others not.


EVERY model in RSBAC is completely separate and can work independently from 
the others, on its own. You could even choose only one of them and use it - no 
problem.

RC has requests, targets, objects. It works like

Subject -> (requests) -> object

where objects are RC types - created and managed just for RC module.

ACL is another story and not frequently used. That's something you can use for 
some special corner cases. Anyway, it is a really great module!

Before you ask - if the same access falls under the policy of more than one 
module, ALL of them have to grant it (or return that they don't care) - or it 
will be denied.

Michal Purzynski
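
Added example, not part of the original post and not RSBAC source: a simplified C model of the rule described above, where an RC-style role/type request matrix and a second, independent module each return a decision and a single refusal denies the access. All names, the matrix contents and the sample ids are constructed; the post does not say what happens when every module returns "don't care", so that outcome is passed back to the caller unchanged.

```c
#include <stddef.h>

/* Simplified model, not RSBAC source: every name below is hypothetical. */
enum decision { DENY, GRANT, DONT_CARE };
enum request  { R_READ = 1 << 0, R_WRITE = 1 << 1 };

struct access { int role, type, uid, object_id; unsigned request; };
typedef enum decision (*module_fn)(const struct access *);

/* RC-style matrix (constructed): role x object type -> allowed requests. */
static const unsigned rc_matrix[2][2] = {
    { R_READ,           0                },  /* role 0: service */
    { R_READ | R_WRITE, R_READ | R_WRITE },  /* role 1: admin   */
};

static enum decision rc_module(const struct access *a)
{
    /* Unknown role or type: fail closed instead of indexing out of bounds. */
    if (a->role < 0 || a->role > 1 || a->type < 0 || a->type > 1)
        return DENY;
    unsigned allowed = rc_matrix[a->role][a->type];
    return (allowed & a->request) == a->request ? GRANT : DENY;
}

/* Stand-in for any second module: it has an opinion on object 42 only. */
static enum decision other_module(const struct access *a)
{
    if (a->object_id != 42)
        return DONT_CARE;
    return (a->uid == 1000 && a->request == R_READ) ? GRANT : DENY;
}

/* One refusal from any module denies; DONT_CARE never overrides a result. */
static enum decision decide(const struct access *a, const module_fn *mods, size_t n)
{
    enum decision result = DONT_CARE;
    for (size_t i = 0; i < n; i++) {
        enum decision d = mods[i](a);
        if (d == DENY)
            return DENY;
        if (d == GRANT)
            result = GRANT;
    }
    return result;  /* all DONT_CARE: left to the caller's policy */
}

/* Run both modules over one access, as when both are enabled together. */
enum decision check(int role, int type, int uid, int object_id, unsigned request)
{
    const module_fn mods[] = { rc_module, other_module };
    struct access a = { role, type, uid, object_id, request };
    return decide(&a, mods, sizeof mods / sizeof mods[0]);
}
```
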

