Permission model DAC ACL RBAC ABAC
2022-06-24 08:26:00 【xcrj】
Access control models
| Access control model | Description |
|---|---|
| Discretionary access control (DAC, Discretionary Access Control) | |
| Mandatory access control (MAC, Mandatory Access Control) | |
| Access control list (ACL, Access Control List) | Which action a subject may use to access an object (resource) |
| Role-based access control (RBAC, Role-based Access Control) | Users, roles, permissions (resource, operation) |
| Attribute-based access control (ABAC, Attribute-based Access Control) | Permission control based on entity attributes, environment attributes, and operation attributes |
ACL
An ACL states which action a subject may use to access an object (resource).
It involves the accessing entity (Subject), the accessed resource (Object), and the access method (Action).
Subject, object, action:
- Subject: user, role
- Object: resource
- Action: read, write, execute
RBAC
RBAC comes in several versions:
- RBAC0: users, roles, permissions (resource, operation)
- RBAC1: RBAC0 + role inheritance (parent and child roles)
- RBAC2: RBAC0 + role constraints (static constraints, dynamic constraints)
- RBAC3: the combination of RBAC0, RBAC1, and RBAC2
Users, roles, permissions (resource, operation)
RBAC0


RBAC1

RBAC2

SSD (Static Separation of Duties)
- Mutually exclusive roles constraint: a user cannot hold two conflicting roles, which guards against insider theft
- Cardinality constraint: a user can hold only a limited number of roles, and a role can hold only a limited number of permissions
- Role level (prerequisite) constraint: a user must hold the lower-level role before being given the higher-level role
DSD (Dynamic Separation of Duties)
- Within one session, a user who owns 3 roles can activate only 1 of them
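The SSD and DSD constraints listed above, as an added example that is not part of the original post: the static checks run when a role is assigned, the dynamic check runs when a role is activated in a session. The class name `Rbac2`, the role names, and the limits are assumptions made up for illustration.

```python
class ConstraintError(Exception):
    """Raised when an assignment or activation violates an RBAC2 constraint."""

class Rbac2:
    def __init__(self, exclusive, max_roles, prerequisite, max_active):
        self.exclusive = [frozenset(p) for p in exclusive]  # SSD: conflicting role pairs
        self.max_roles = max_roles        # SSD: cap on roles per user
        self.prerequisite = prerequisite  # SSD: role -> role that must be held first
        self.max_active = max_active      # DSD: cap on active roles per session
        self.assigned = {}                # user -> set of assigned roles
        self.active = {}                  # session id -> (user, set of active roles)

    def assign(self, user, role):
        """Static checks, run once when an administrator grants a role."""
        roles = self.assigned.setdefault(user, set())
        if role in roles:
            return
        for pair in self.exclusive:
            if role in pair and roles & (pair - {role}):
                raise ConstraintError(f"{role} conflicts with a role {user} already holds")
        if len(roles) >= self.max_roles:
            raise ConstraintError(f"{user} already holds {self.max_roles} roles")
        needed = self.prerequisite.get(role)
        if needed and needed not in roles:
            raise ConstraintError(f"{role} requires {needed} first")
        roles.add(role)

    def open_session(self, session, user):
        self.active[session] = (user, set())

    def activate(self, session, role):
        """Dynamic check, run every time a role is switched on in a session."""
        user, active = self.active[session]
        if role not in self.assigned.get(user, set()):
            raise ConstraintError(f"{user} is not assigned {role}")
        if role not in active and len(active) >= self.max_active:
            raise ConstraintError(f"session {session} already has {self.max_active} active role(s)")
        active.add(role)
        return sorted(active)

def build_demo():
    # Constructed policy: cashier/auditor conflict, at most 3 roles per user,
    # manager requires clerk, 1 active role per session.
    return Rbac2([("cashier", "auditor")], 3, {"manager": "clerk"}, 1)
```

Keeping `assigned` and `active` separate is what distinguishes the two kinds of constraint: a user may legitimately own several roles while a session is still limited to one of them at a time.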
RBAC3

ABAC
Permission control based on entity attributes, environment attributes, and operation attributes.
Suitable for complex permission requirements; all permission requirements can be met.
RBAC vs. ABAC
| Model | Characteristics |
|---|---|
| RBAC | The larger the scale, the more role and authorization relationships have to be maintained |
| ABAC | Suitable for complex scenarios, finer granularity, more policies |