reading-notes

🗒️ Class 8 - Access Control (ACL)

Readings

5 steps to RBAC

• What is Role Based Access Control (RBAC) and why do we care?

  RBAC is giving access to the users access based to thier role at an organization.

• Describe a Role/Permission heirarchy that you might implement using RBAC.

  A basic user role with read only, a manager role with read, write, and maybe update (depending on office needs), and an sysadmin role with full crud access.

• What approach might you take to implement RBAC?

  I would create starter roles and have an organization begin using them and modify the roles as needed.

wiki - RBAC

• If Authentication is “you are who you say you are,” what is Authorization?

  Authorization is what you are allowed to access.

• Name three primary rules defined for RBAC.

  Role assignment, Role authorization, and Permission authorization.

• Describe RBAC to a non-technical friend.

  RBAC is a an approach taken by developers in order to restrict access to certain parts or functionality of an application to a specific group of people or roles.

Videos

RBAC tutorial

• What Are access rights Associated with? The User? or The Role? Explain.

  Rights are associated with the roles, and roles are associated with users.

• Access Rights, or Authorization, is activated after a user successfully does what?

  Atuhenticates.

• Explain how RBAC might benefit a business.

  Access is based on job functions or roles so it makes it easier grant and remove permissions on a greater scope than trying to change individual users.