Difference between #1 and #3 of
ACL and RBAC

Changes

Title unchanged

ACL and RBAC

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

ACL, rbac, Tree structure, authorization, security, scalability

Content changed

[...]
This HowTo assumes that you have a smattering of ACL in general and of how [the acl-extension](http://www.yiiframework.com/extension/acl/ "the ACL-Extension") works basically. It will introduce you into the abstract and give you a hint on how to use Business-Rules. If you have in-depth questions, please refer to the extension documentation.
Using ACL in an RBAC-manner cannot and should never obscure the fact that the underlying system is still ACL-based. In fact, the Business-Rules are just another layer in the permission-check plan.

Layers in ACL (at full extend):
1. General Permission Lookup   2. Regular ACL-Permission lookup  
3. Business-Rules lookup
[...]
------------------
What the ACL-Extension does is basically to put the ACL-Objects (Aros, Aco) in two tree-hierarchies (in each tree are only objects of one type).
This implies that ACL-Objects can have parents and children, while children inherit the permissions of their parents.
Note that hierarchies are _explicitly_ supported for both Aros _and_ Acos. Also, each Aro and Aco can have _multiple_ parents. The depth of the hierarchy is unlimited, the lookup is non-recursive.


Permission Lookup Layers
------------------
[...]
0 0
3 followers
Viewed: 29 818 times
Version: 1.1
Category: How-tos
Tags: ACL, authorization, rbac, scalability, security, Tree structure
Written by: zeroByte
Last updated by: kevinkorb
Created on: Jun 29, 2012
Last updated: 11 years ago
Update Article
Revert to #1 | Revert to #3

Revisions

View all history