I am looking for the best security model to implement access rights on a website. Object access should be granted based on the following rules initially:

  • User
  • User Group
  • Hierarchy
  • Permissions (CRUD)

What are the security models I can use and what are the advantages and disadvantages of each one?

Thank you!

Solution

Access control models are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC and RBAC are both non-discretionary.

But I suggest using the RBAC model. It's so useful for your problem.

Other tips

RBAC is usually pretty easy to implement and straightforward. However, I would be surprised if an existing access control library didn't exist for your platform.
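
A minimal sketch of the RBAC model recommended in the answers above, covering the question's four requirements (users, user groups, a role hierarchy, and CRUD permissions). This is an added example, not part of the original answers; the class, role, group, and user names and the sample policy are hypothetical.

```python
from enum import Flag

class Perm(Flag):  # CRUD permissions as combinable bits
    CREATE = 1
    READ = 2
    UPDATE = 4
    DELETE = 8

class RBAC:
    def __init__(self):
        self.role_perms = {}    # role -> {resource: Perm}
        self.role_parents = {}  # role -> roles it inherits from (hierarchy)
        self.group_roles = {}   # group -> roles
        self.user_roles = {}    # user -> roles assigned directly
        self.user_groups = {}   # user -> groups

    def grant(self, role, resource, perms):
        held = self.role_perms.setdefault(role, {})
        held[resource] = held.get(resource, Perm(0)) | perms

    def effective_roles(self, user):
        # Direct roles plus roles received through group membership.
        pending = list(self.user_roles.get(user, ()))
        for group in self.user_groups.get(user, ()):
            pending.extend(self.group_roles.get(group, ()))
        seen = set()
        while pending:  # walk the hierarchy; 'seen' stops cycles looping forever
            role = pending.pop()
            if role not in seen:
                seen.add(role)
                pending.extend(self.role_parents.get(role, ()))
        return seen

    def allowed(self, user, resource, perm):
        # Default deny: unknown users, roles and resources grant nothing.
        granted = Perm(0)
        for role in self.effective_roles(user):
            granted |= self.role_perms.get(role, {}).get(resource, Perm(0))
        return bool(perm) and perm in granted

def build_sample():
    # Constructed sample policy; every name below is hypothetical.
    ac = RBAC()
    ac.grant("viewer", "article", Perm.READ)
    ac.grant("editor", "article", Perm.CREATE | Perm.UPDATE)
    ac.grant("admin", "article", Perm.DELETE)
    ac.role_parents = {"editor": {"viewer"}, "admin": {"editor"}}
    ac.group_roles = {"staff": {"editor"}}
    ac.user_groups = {"alice": {"staff"}}
    ac.user_roles = {"bob": {"viewer"}, "carol": {"admin"}}
    return ac
```
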

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow