
Resource Owning

  • 24/02/2022 1:14 PM

RBAC

RBAC (role-based access control) is a policy-neutral access control mechanism defined around roles and privileges. The permissions to perform certain operations are assigned to specific roles. A role is a title that defines an authority level. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account.

Three primary rules are defined for RBAC:

  1. Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.
  2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
  3. Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized.

In Prime Engine the following two roles are defined:

  • User - A user can only access and perform operations on the resources he owns.
  • Admin - An admin can access and perform operations on all the resources of all the users.

Third Security Layer

When a resource belongs to a particular user, he is the only user that can perform operations on it. Administrators have access to all resources and can perform all the operations on them.

When a role has access to a resource, it can perform the following operations:

  • fetch all - shows all resources of a particular type that belong to the user;
  • fetch entity - shows a resource unit that is described by the user;
  • create - creates a resource unit;
  • update - updates a whole resource unit;
  • patch - partially modifies a resource unit;
  • delete - deletes a resource unit.
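
The following is an added example, not Prime Engine's own code: a deny-by-default authorization check that applies the three RBAC rules and then the ownership layer for the User and Admin roles. The names `Subject`, `Resource`, `is_allowed`, `fetch_all` and the permission table are hypothetical, and it assumes both roles hold all six operations and differ only in scope.

```python
from dataclasses import dataclass
from typing import Optional

# The six operations listed in the article (identifiers are hypothetical).
OPERATIONS = frozenset(
    {"fetch_all", "fetch_entity", "create", "update", "patch", "delete"})
# Assumption: both roles may use every operation; they differ only in scope.
ROLE_PERMISSIONS = {"user": OPERATIONS, "admin": OPERATIONS}

@dataclass(frozen=True)
class Subject:
    name: str
    assigned_roles: frozenset           # roles the account is authorized for
    active_role: Optional[str] = None   # role selected for this session

@dataclass(frozen=True)
class Resource:
    id: int
    owner: str

def is_allowed(subject, operation, resource=None):
    """Return True only if every RBAC rule and the ownership layer pass."""
    role = subject.active_role
    if role is None:                                     # rule 1: role assignment
        return False
    if role not in subject.assigned_roles:               # rule 2: role authorization
        return False
    if operation not in ROLE_PERMISSIONS.get(role, ()):  # rule 3: permission authorization
        return False
    if role == "admin":                                  # admins reach all resources
        return True
    if resource is None:
        # Only operations without a target resource may omit one; deny the rest.
        return operation in {"create", "fetch_all"}
    return resource.owner == subject.name                # ownership layer

def fetch_all(subject, store):
    """List resources, scoped to the caller's own unless the active role is admin."""
    if not is_allowed(subject, "fetch_all"):
        return []
    if subject.active_role == "admin":
        return list(store)
    return [r for r in store if r.owner == subject.name]

# Constructed sample data for illustration.
STORE = [Resource(1, "alice"), Resource(2, "bob")]
ALICE = Subject("alice", frozenset({"user"}), "user")
ROOT = Subject("root", frozenset({"user", "admin"}), "admin")
```

Filtering inside `fetch_all` rather than after the query returns keeps a user-role caller from ever receiving another owner's records.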


© ApiHawk