RBAC question
Posted: Thu Oct 09, 2008 2:26 pmHi,
I'm very new to RBAC so any help, links or examples will be appreciated...
My implementation of RBAC now works as follows:
When a site visitor submits a form, say with his personal data, he starts an action i.e. person_update.
Judging by the visitors and the person's ids the visitor is assigned a role, say 'owner' and gets permission to update the record.
Also, this action person_update can be started by somebody who has a role of 'admin' or 'moderator'.
The problem is that 'owner' can not change some DB record fields like his own login name and 'admin' or 'moderator' can. So I somehow need to get control over a particular DB field.
So the question is: is it possible to do inside RBAC model by creating new roles/actions and without implementing CRUD matrix for each field in DB?
Thank you,
I'm very new to RBAC so any help, links or examples will be appreciated...
My implementation of RBAC now works as follows:
When a site visitor submits a form, say with his personal data, he starts an action i.e. person_update.
Judging by the visitors and the person's ids the visitor is assigned a role, say 'owner' and gets permission to update the record.
Also, this action person_update can be started by somebody who has a role of 'admin' or 'moderator'.
The problem is that 'owner' can not change some DB record fields like his own login name and 'admin' or 'moderator' can. So I somehow need to get control over a particular DB field.
So the question is: is it possible to do inside RBAC model by creating new roles/actions and without implementing CRUD matrix for each field in DB?
Thank you,