当前位置:网站首页>Permission model DAC ACL RBAC ABAC
Permission model DAC ACL RBAC ABAC
2022-06-24 08:26:00 【xcrj】
Access control mode
| Access control | Introduce |
|---|---|
| Autonomous access control (DAC,Discretionary Access Control) | |
| Enforce access control (MAC,Mandatory Access Control) | |
| Access control list (ACL,Access Control List) | What kind of behavior does the subject use to access object resources |
| Role based access control (RBAC,Role-based Access Control) | user 、 role 、 jurisdiction ( resources 、 operation ) |
| Attribute based access control (ABAC,Attribute-based Access Control) | According to the entity properties 、 Environmental properties 、 Operation attribute for permission control |
ACL
What kind of behavior does the subject use to access object resources
Access entity (Subject), Access resources (Object) And access methods (Action)
The main body 、 object 、 Behavior
- The main body : user , role
- object : resources
- Behavior : Read write execute
RBAC
RBAC There are several versions
- RBAC0: user , role , jurisdiction ( resources , operation )
- RBAC1:RBAC0+ Role inheritable ( The role of father and son )
- RBAC2:RBAC0+ Role restrictions ( Static limit , Dynamic limits )
- RBAC3: A combination of RBAC0,RBAC1,RBAC2
user 、 role 、 jurisdiction ( resources 、 operation )
RBAC0
RBAC1
RBAC2
SSD( Static separation of duties )
- Role mutual exclusion constraint : Avoid stealing
- The number of roles is constrained : Users have a limited number of roles , Roles have limited permissions
- Role level constraints : You must first lower level roles , To have high-level roles
DSD( Dynamic separation of duties )
- In a conversation , The user owns 3 A character , Can only activate 1 A character
RBAC3
ABAC
According to the entity properties 、 Environmental properties 、 Operation attribute for permission control
Suitable for complex permission requirements , All permission requirements can be met
contrast RBAC-ABAC
| Model | characteristic |
|---|---|
| RBAC | The larger the quantities are , The greater the role and authorization relationship that needs to be maintained |
| ABAC | Suitable for complex scenarios , Finer particle size , More policies |
边栏推荐
- For a detailed explanation of flex:1, flex:1
- Easyplayerpro win configuration full screen mode can not be full screen why
- 13 -- remove invalid parentheses
- OpenCV get(propId) 常用的值
- Getting started with crawler to giving up 06: crawler play Fund (with code)
- Nodejs redlock notes
- Transformers pretrainedtokenizer class
- LabVIEW查找n个元素数组中的质数
- Promise usage scenarios
- 复习SGI STL二级空间配置器(内存池) | 笔记自用
猜你喜欢
Understanding of the concept of "quality"
jwt(json web token)
2021-03-09 COMP9021第七节课笔记
Introduction to RCNN, fast RCNN and fast RCNN
自动化测试的未来趋势
5分钟,客服聊天处理技巧,炉火纯青
OC extension detects whether an app is installed on the mobile phone (source code)
About the iframe anchor, the anchor is offset up and down, and the anchor has page display problems Srcdoc problem of iframe
Utilisation de la fermeture / bloc de base SWIFT (source)
2022茶艺师(中级)上岗证题库及在线模拟考试
随机推荐
os. path. Pits encountered during the use of join()
Swift foundation features unique to swift
List of Li Bai's 20 most classic poems
Four models of iPhone 13 series have been exposed, and indeed, they are 13 fragrant!
io模型初探
Small sample fault diagnosis - attention mechanism code - Implementation of bigru code parsing
问题3 — messageBox弹框,修改默认背景色
疫情下更合适的开发模式
[acnoi2022] I have done it, but I can't
11-- longest substring without repeated characters
【点云数据集介绍】
5分钟,客服聊天处理技巧,炉火纯青
Vscode topic recommendation
Online education fades
5g industrial router Gigabit high speed low delay
13 -- remove invalid parentheses
13 -- 移除无效的括号
For a detailed explanation of flex:1, flex:1
1279_ Vsock installation failure resolution when VMware player installs VMware Tools
C language_ Love and hate between string and pointer