Re: Role-based Access Control (RBAC)



Michael Vilain <vilain@xxxxxxxxxxx> writes:

> In article <pc7wt5ffv72.fsf@xxxxxxxxxxxxxxxx>,
> Lewis Perin <perin@xxxxxxxxx> wrote:
>
> > Is anyone aware of robust software, suited to a preexisting PHP
> > application, that handles permissions for various types of requests by
> > role rather than user ID? I'm speaking of maintaining/editing the
> > permissions and deciding on the requests, but either "half" of the
> > solution might be useful.
> >
> > Sorry, but adopting a whole application framework is out of the question.
>
> If you're running php scripts in the command line rather than on a
> web-server, you might benefit from running from within RBAC (on Solaris,
> no?) or sudo (close enough to have 7 alleles in common).
>
> But if you're running from the web, your process runs under the web
> server's UID. I fail to see how RBAC might help in that situation.

I didn't mean RBAC, the Solaris concept of fine-grained superuser
privileges; I meant RBAC, the more general concept of role-based
access control, in this case applied to the user roles, operations,
and resources within a Web-based PHP application.

> What are you attempting to achieve here rather than asking about a
> specific solution?

To control different types of users' (that is, users of the application
- nothing in particular to do with users known to the OS) access to
different operations on different subsets of the data under the
application's jurisdiction.

(By being this abstract, I'm not trying to be mysterious; I'm just
trying to state the problem clearly.)

/Lew
---
Lew Perin / perin@xxxxxxx
http://www.panix.com/~perin/babelcarp.html
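
The application-level model described in the message above (roles, operations, and subsets of data, with separate "maintaining" and "deciding" halves), sketched in PHP as an added example that is not part of the original thread or any existing package. All class, function, role, operation and scope names are hypothetical, and the `*` wildcard scope is an assumption of this sketch.

```php
<?php
declare(strict_types=1);

// "Maintaining/editing" half: who holds which role, and what each role may do.
final class RoleStore
{
    /** @var array<string, array<string, array<string, true>>> role => operation => scope */
    private array $grants = [];
    /** @var array<string, array<string, true>> application user => set of roles */
    private array $userRoles = [];

    public function grant(string $role, string $operation, string $scope): void
    {
        $this->grants[$role][$operation][$scope] = true;
    }

    public function revoke(string $role, string $operation, string $scope): void
    {
        unset($this->grants[$role][$operation][$scope]);
    }

    public function assign(string $user, string $role): void
    {
        $this->userRoles[$user][$role] = true;
    }

    /** @return string[] roles held by an application user (not an OS user) */
    public function rolesOf(string $user): array
    {
        return array_keys($this->userRoles[$user] ?? []);
    }

    public function roleAllows(string $role, string $operation, string $scope): bool
    {
        // Exact scope match, or the assumed "*" wildcard meaning every data subset.
        return isset($this->grants[$role][$operation][$scope])
            || isset($this->grants[$role][$operation]['*']);
    }
}

// "Deciding" half: deny by default; allow only if some role of the user permits it.
function isAllowed(RoleStore $store, string $user, string $operation, string $scope): bool
{
    foreach ($store->rolesOf($user) as $role) {
        if ($store->roleAllows($role, $operation, $scope)) {
            return true;
        }
    }
    return false; // unknown users, roles, operations and scopes all land here
}

// Constructed sample data: an editor limited to one data subset, an auditor who reads all.
$store = new RoleStore();
$store->grant('editor', 'update', 'articles');
$store->grant('auditor', 'read', '*');
$store->assign('alice', 'editor');
$store->assign('bob', 'auditor');
var_dump(isAllowed($store, 'alice', 'update', 'articles'),
         isAllowed($store, 'bob', 'update', 'articles'));
```

The request-handling code only ever calls `isAllowed()`, so the store can later be backed by database tables without touching the call sites.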