Question

I have a few doubts about configuring RBAC in WSO2:

  1. Are hierarchical roles supported?
  2. Is it possible to associate different roles with a user depending on different authorization contexts? I.e., in DeptA a user can access a certain resource since they have a manager role, while in DeptB they cannot since they have a normal employee role.
  3. Can RBAC be implemented with XACML policies? Are any sample policies available with hierarchical roles?

Solution

  1. In WSO2-IS, it's the permission model that is hierarchical. Permissions can be assigned to a role in a fine-grained or a coarse-grained manner.

  2. I think this is not straightforward. If the resource is identified with the Dept, we will be able to control its permission there. If so, this can be handled with XACML policies as well.

  3. This sample policy may be of some help to you. http://pushpalankajaya.blogspot.com/2013/06/xacml-30-policies-multiple-rules-5.html
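
One way the department-scoped check from point 2 could be expressed as an XACML 3.0 policy. This is an added example, not part of the original answer or of WSO2's samples. The resource attribute `urn:example:resource:department` and the role name `DeptA_manager` are hypothetical, and the policy assumes the PDP resolves the user's roles through the `http://wso2.org/claims/role` claim.

```xml
<!-- Added example. Hypothetical names: urn:example:resource:department, DeptA_manager. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="depta-manager-access"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
  <!-- The policy only applies to resources whose department attribute is DeptA.
       Requests for other departments are NotApplicable here and need their own policy. -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DeptA</AttributeValue>
          <AttributeDesignator
              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              AttributeId="urn:example:resource:department"
              DataType="http://www.w3.org/2001/XMLSchema#string"
              MustBePresent="false"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>
  <!-- Permit only subjects holding the department-scoped manager role. -->
  <Rule RuleId="permit-depta-manager" Effect="Permit">
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DeptA_manager</AttributeValue>
            <AttributeDesignator
                Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                AttributeId="http://wso2.org/claims/role"
                DataType="http://www.w3.org/2001/XMLSchema#string"
                MustBePresent="false"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>
  <!-- Default deny: a user who is only a normal employee (or a manager of
       another department) falls through to this rule. -->
  <Rule RuleId="deny-everyone-else" Effect="Deny"/>
</Policy>
```

Because the role name carries the department, a user who is `DeptA_manager` but holds only an employee role for DeptB gets Permit here and would be denied by the matching DeptB policy.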

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow