Role-based Access Control
RBAC
- Definition
- Permission to perform an operation on an object is given to a role that is assigned to a subject.
The user of a website (the subject) can only perform a selection of the actions (operations) possible on the website. Rather than granting the subject direct permission to each operation, which would be laborious to manage and easy to get wrong per user, roles are defined that bundle a range of permissions. The user is then simply assigned a role (or a few roles).
Assigning roles to users, and assigning permissions to roles, are permissions on their own.
Examples
- Role: content editor, permissions: read, edit, delete, and publish articles
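A small working model of the above, as an added example that is not part of the original page: roles map to (operation, object) permissions, subjects map to roles, and changing either mapping is itself gated by a permission held by a constructed "admin" role. The user and role names are constructed for illustration.

```python
from __future__ import annotations

# A permission is an (operation, object type) pair, e.g. ("publish", "article").
Permission = tuple[str, str]


class Rbac:
    def __init__(self) -> None:
        self.role_permissions: dict[str, set[Permission]] = {}
        self.user_roles: dict[str, set[str]] = {}

    def permissions_of(self, subject: str) -> set[Permission]:
        """Union of the permissions of every role assigned to the subject."""
        perms: set[Permission] = set()
        for role in self.user_roles.get(subject, set()):
            perms |= self.role_permissions.get(role, set())
        return perms

    def is_allowed(self, subject: str, operation: str, obj: str) -> bool:
        """The check every request should pass through before acting."""
        return (operation, obj) in self.permissions_of(subject)

    def assign_role(self, actor: str, subject: str, role: str) -> None:
        """Assigning a role to a user is itself guarded by ('assign', 'role')."""
        if not self.is_allowed(actor, "assign", "role"):
            raise PermissionError(f"{actor} may not assign roles")
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(subject, set()).add(role)

    def grant(self, actor: str, role: str, operation: str, obj: str) -> None:
        """Adding a permission to a role is guarded by ('grant', 'permission')."""
        if not self.is_allowed(actor, "grant", "permission"):
            raise PermissionError(f"{actor} may not change role permissions")
        self.role_permissions.setdefault(role, set()).add((operation, obj))


def bootstrap() -> Rbac:
    """Constructed sample: seed one admin directly (nobody can grant anything
    yet), then build the content-editor role from the text through the
    guarded administrative operations."""
    rbac = Rbac()
    rbac.role_permissions["admin"] = {("assign", "role"), ("grant", "permission")}
    rbac.user_roles["root"] = {"admin"}
    for op in ("read", "edit", "delete", "publish"):
        rbac.grant("root", "content_editor", op, "article")
    rbac.assign_role("root", "alice", "content_editor")
    return rbac
```

Note that `alice` can publish articles but, lacking the admin role, cannot hand her own role to anyone else; that separation is the point of making role assignment a permission in its own right.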
When should you use it?
- If the application needs some form of non-trivial access restriction.