Hierarchical RBAC implementation in PHP?

Question

What would you suggest? I checked out NIST RBAC PHP API 0.65 but it does not seem to support hierarchy.

In essence I want to have users with sub-users and the sub-users would have roles and access only to what their parent can access. Which seems like a good fit for a hierarchical RBAC scheme.

Thanks,

John

Answer 1

I know the trail is cold, but a new project has popped up :

PHP-RBAC is a PHP Hierarchical NIST Level 2 Standard Role Based Access Control and is pretty mature. It is also an OWASP project.

I hope you enjoy it at http://phprbac.net

There were no hierarchical RBAC standard implementations until this one.

Answer 2

Would you consider using a framework that includes an RBAC? (that has hierarchy). First, if you don't, and if you don't have a framework of choice already, then I strongly recommend you go a step back, research, and choose such a framework. I see very little point in developing PHP based apps from scratch. Even very small and target oriented apps could use some parts of a framework.

I use Yii framework. This is an extremely light, powerful and performance-oriented framework that fits almost any job you'll need, especially since its so light (everything there is lazy loaded so if use only selected components/features of it, the performance footprint of it is probably un-felt). Yii has a good built in RBAC implementation that has your hierarchy requirement. I advice you have a look at it. Here's the relevant section of the official Yii guide, on RBAC and access control.