Questions tagged [rbac]
The rbac tag has no summary.
12 questions
3 votes, 1 answer, 691 views
RBAC vs PBAC vs ACL
I’m trying to clarify the difference between Role-based Access Control, Policy-based Access Control, and Access Control List when designing an authorization system.
I have two scenarios:
Scenario A
I ...
3 votes, 2 answers, 265 views
UML class diagram for RBAC. I don't know if the permissions and roles are properly set
I am trying to create a UML class diagram using RBAC. I am new to this language and trying to make sense of it. I am attempting to showcase permissions to specific roles. I am not sure whether that is ...
0 votes, 2 answers, 202 views
Role Based Access Control: Inline vs Centralized
I have a server with many methods that can be requested by a user (or other service). I want to implement a role based access control. I can think of 2 ways to do it.
Inline: Each method has ...
0 votes, 1 answer, 936 views
RBAC - using database vs hard coded
I need to implement RBAC in a project I'm working on, and I'm fairly new to the concept. I am trying to figure out the best way to implement it.
The most common approach seems to be to create roles ...
1 vote, 2 answers, 217 views
RBAC and domain specific roles
I have some doubts about RBAC which I cannot wrap my head around. So I would like to hear what you guys think.
Though I understand the concept of RBAC, I cannot figure out how to apply that to my ...
0 votes, 0 answers, 48 views
Attempting to Implement RBAC from ACL
I am trying to implement RBAC to a system but I end up creating an ACL instead due to my low understanding of this architecture.
What I already have implemented:
Created User model.
Created Groups with ...
0 votes, 0 answers, 233 views
How do you implement roles on your APIs using Azure AD Security groups?
I'm trying to figure out the best way to accomplish using Azure Active Directory Security groups to manage role assignments for an API. I'm trying to evaluate a few different options as well as poll ...
1 vote, 1 answer, 306 views
OWASP Broken Access Control by example: preventing users from reading/writing data that isn't theirs
I have experience building RBAC-based authorization mechanisms, and understand the theory behind ACLs (DAC?) though I've never had the need to implement them.
A situation was just presented to me that ...
0 votes, 1 answer, 165 views
How to limit resource creation with RBAC permission?
The project I am working on is a SaaS application with multiple payment tiers. Each one has multiple limits for different actions. One example would be that a free user can only create 1 space, a ...
2 votes, 3 answers, 2k views
Securing API for third party use
We have a set of microservices and would like to expose endpoints from a subset of these for third parties to use. To this end, we will build an API Gateway that acts as the access control mechanism ...
0 votes, 0 answers, 1k views
Single users database for many apps
I'm designing a database that holds the information for users of three different apps that share access to the data through an API. For every user I'm storing credentials, profile and roles.
What ...
5 votes, 1 answer, 6k views
Dealing with permissions for the list of resource
I have a few big services that use the same database and tables for managing roles and permissions. Each service asks the database directly for the permissions.
Now I need to build a new service. ...