Created
July 22, 2024 14:45
CISSM Role Based Access Control (RBAC) #cissp #rbac #role #based #access #control
Role Based Access Control
- Has Role
- Has Permission
- User
- Role
- Permission
- User can have 1-n Roles (User-Role)
- Role can have 1-n Permissions (Role-Permission)
- RBAC Policy
  - Resources
  - Roles
    - Named collection of permissions
    - Identified by role_id
    - Named so that they represent meaningful personas
    - Example
      - admin
        - Many permissions
      - reader
        - One permission
  - Actions
  - The relationship between them serves as the foundation for the RBAC permission model
- Resources
  - Customer
  - Organization
  - Facility
  - Ratings
  - Example:
    - The Customers resource supports create, read, write operations
      {
        "resource_id": "customers",
        "actions": [
          "create",
          "read",
          "write"
        ],
        "description": "Customers are the main person object"
      }
- Actions
  - Create
  - Read
  - Write
  - Delete
- Permission
  - Links actions to a resource
  - Actions are scoped to a specific resource
  - A Permission's actions are a subset of the Resource's
  - A Permission can only include an action that the corresponding Resource has within its own actions list
  - Example:
    - The reader role is authorized to perform read operations on Customers and Ratings
      {
        "role_id": "reader",
        "permissions": [
          {
            "actions": [
              "read"
            ],
            "resource_id": "customers"
          },
          {
            "actions": [
              "read"
            ],
            "resource_id": "ratings"
          }
        ],
        "description": "Members with the reader role can view customers and ratings"
      }
Summary
- Resources represent entities like Customers, Organizations, Ratings
- Resources have actions, which are lists that enumerate all valid operations
- Roles represent personas like admin, reader, writer
- Roles have permissions that link specific actions to a Resource
- RBAC Policy puts them all together and serves as the central repository
  - Stores all Resources and Roles
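The policy model above, as an added example that is not part of the gist: a small loader that enforces the subset rule (a Permission may only name actions its Resource defines) and a deny-by-default check over a user's roles. The policy is constructed from the gist's customers resource and reader role; the ratings resource and the admin role are assumed for illustration.

```python
import json

# Constructed policy document: the "customers" resource and "reader" role come
# from the notes above; "ratings" and "admin" are assumed for the example.
POLICY_JSON = """
{
  "resources": [
    {"resource_id": "customers", "actions": ["create", "read", "write"],
     "description": "Customers are the main person object"},
    {"resource_id": "ratings", "actions": ["read", "write"]}
  ],
  "roles": [
    {"role_id": "reader",
     "description": "Members with the reader role can view customers and ratings",
     "permissions": [{"resource_id": "customers", "actions": ["read"]},
                     {"resource_id": "ratings", "actions": ["read"]}]},
    {"role_id": "admin",
     "permissions": [{"resource_id": "customers",
                      "actions": ["create", "read", "write"]}]}
  ]
}
"""


def load_policy(text):
    """Parse the policy; reject a permission whose actions are not a subset
    of its resource's actions, or that names an unknown resource."""
    policy = json.loads(text)
    resources = {r["resource_id"]: set(r["actions"]) for r in policy["resources"]}
    roles = {}
    for role in policy["roles"]:
        grants = {}  # resource_id -> set of allowed actions for this role
        for perm in role["permissions"]:
            rid = perm["resource_id"]
            if rid not in resources:
                raise ValueError(f"role {role['role_id']}: unknown resource {rid}")
            extra = set(perm["actions"]) - resources[rid]
            if extra:
                raise ValueError(
                    f"role {role['role_id']}: {rid} does not define {sorted(extra)}")
            grants.setdefault(rid, set()).update(perm["actions"])
        roles[role["role_id"]] = grants
    return resources, roles


def is_allowed(roles, user_roles, action, resource_id):
    """Deny by default; allow only if one of the user's roles grants the
    action on that resource (a user may hold 1-n roles)."""
    return any(action in roles.get(r, {}).get(resource_id, set())
               for r in user_roles)
```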