how to choose a security model [closed]
-
12-06-2021 - |
문제
I am looking for the best security model to implement access rights on a website. Objects access should be granted based on the following rules initially:
- User
- User Group
- Hierarchy
- Permissions (CRUD)
What are the security models I can use and what are the advantages and disadvantages of each one?
Thank you!
해결책
Access control models are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC and RBAC are both non-discretionary.
But I suggest to use RBAC model. It's so useful for your problem.
다른 팁
RBAC is usually pretty easy to implement and straight forward. However I would be surprised if an existing access control library didn't exist for your platform.