当前位置:网站首页>Permission model DAC ACL RBAC ABAC
Permission model DAC ACL RBAC ABAC
2022-06-24 08:26:00 【xcrj】
Access control mode
| Access control | Introduce |
|---|---|
| Autonomous access control (DAC,Discretionary Access Control) | |
| Enforce access control (MAC,Mandatory Access Control) | |
| Access control list (ACL,Access Control List) | What kind of behavior does the subject use to access object resources |
| Role based access control (RBAC,Role-based Access Control) | user 、 role 、 jurisdiction ( resources 、 operation ) |
| Attribute based access control (ABAC,Attribute-based Access Control) | According to the entity properties 、 Environmental properties 、 Operation attribute for permission control |
ACL
What kind of behavior does the subject use to access object resources
Access entity (Subject), Access resources (Object) And access methods (Action)
The main body 、 object 、 Behavior
- The main body : user , role
- object : resources
- Behavior : Read write execute
RBAC
RBAC There are several versions
- RBAC0: user , role , jurisdiction ( resources , operation )
- RBAC1:RBAC0+ Role inheritable ( The role of father and son )
- RBAC2:RBAC0+ Role restrictions ( Static limit , Dynamic limits )
- RBAC3: A combination of RBAC0,RBAC1,RBAC2
user 、 role 、 jurisdiction ( resources 、 operation )
RBAC0
RBAC1
RBAC2
SSD( Static separation of duties )
- Role mutual exclusion constraint : Avoid stealing
- The number of roles is constrained : Users have a limited number of roles , Roles have limited permissions
- Role level constraints : You must first lower level roles , To have high-level roles
DSD( Dynamic separation of duties )
- In a conversation , The user owns 3 A character , Can only activate 1 A character
RBAC3
ABAC
According to the entity properties 、 Environmental properties 、 Operation attribute for permission control
Suitable for complex permission requirements , All permission requirements can be met
contrast RBAC-ABAC
| Model | characteristic |
|---|---|
| RBAC | The larger the quantities are , The greater the role and authorization relationship that needs to be maintained |
| ABAC | Suitable for complex scenarios , Finer particle size , More policies |
边栏推荐
- RCNN、Fast-RCNN、Faster-RCNN介绍
- Utilisation de la fermeture / bloc de base SWIFT (source)
- Qt导出PDF文件的两种方法
- 2021-03-04 COMP9021第六节课笔记
- 有关iframe锚点,锚点出现上下偏移,锚点出现页面显示问题.iframe的srcdoc问题
- Small sample fault diagnosis - attention mechanism code - Implementation of bigru code parsing
- Swift extension networkutil (network monitoring) (source code)
- Vscode topic recommendation
- 2021-03-09 comp9021 class 7 Notes
- How to use the virtual clock of FPGA?
猜你喜欢
![3D数学基础[十七] 平方反比定理](/img/59/bef931d96883288766fc94e38e0ace.png)
随机推荐
2022茶艺师(中级)上岗证题库及在线模拟考试
DHCP, TFTP Foundation
新准则金融资产三分类:AMC、FVOCI和FVTPL
[ACNOI2022]不是构造,胜似构造
LabVIEW查找n个元素数组中的质数
Vscode topic recommendation
1279_VMWare Player安装VMWare Tools时VSock安装失败解决
etcd备份恢复原理详解及踩坑实录
jwt(json web token)
Transformers pretrainedtokenizer class
复习SGI STL二级空间配置器(内存池) | 笔记自用
How to use the virtual clock of FPGA?
Teach you how to use the reflect package to parse the structure of go - step 1: parameter type check
[graduation season] Hello stranger, this is a pink letter
PAT 1157:校庆
[introduction to point cloud dataset]
5分钟,客服聊天处理技巧,炉火纯青
独立站运营中如何提升客户留存率?客户细分很重要!
问题3 — messageBox弹框,修改默认背景色
"Adobe international certification" about Adobe Photoshop, creating and modifying brush tutorials?