Wednesday, August 1, 2007

Role Permission Explosion in Role-Based Access Control [RBAC]

Formula: nCr = n! / [(n-r)! r!]

n : Number of possible permissions

r : Number of permissions combined into one role (r = 1 ... n)

So for 3 permissions, the possible roles are

3C1 + 3C2 + 3C3 = 3 + 3 + 1 = 7

So for 3 permissions, we have 7 possible roles in 1 application. If we have 2 applications, then the number of roles will be 14.


How to minimize / manage roles?


By Grouping

  1. Role Hierarchy
  2. Role Linking

By Enforcing Business Rules
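
The count above and the effect of a role hierarchy, as an added example that is not part of the original post. The permission names, role names and the `HIERARCHY` layout are constructed for illustration; it enumerates every candidate role for a permission set, then resolves inherited permissions so each role only stores what it adds.

```python
from itertools import combinations
from math import comb

def possible_roles(permissions):
    """Every non-empty subset of permissions is a distinct candidate role."""
    perms = sorted(permissions)
    return [frozenset(c) for r in range(1, len(perms) + 1)
            for c in combinations(perms, r)]

def role_count(n, applications=1):
    """Sum of nCr for r = 1..n (equal to 2**n - 1), once per application."""
    return applications * sum(comb(n, r) for r in range(1, n + 1))

# Constructed hierarchy: a role stores only its own permissions plus
# the names of the junior roles it inherits from.
HIERARCHY = {
    "viewer": {"perms": {"read"}, "inherits": []},
    "editor": {"perms": {"write"}, "inherits": ["viewer"]},
    "admin": {"perms": {"delete"}, "inherits": ["editor"]},
}

def effective_permissions(role, hierarchy, _path=frozenset()):
    """Union of a role's own permissions and everything it inherits."""
    if role in _path:
        # A role that inherits from itself would never resolve.
        raise ValueError(f"cycle in role hierarchy at {role!r}")
    entry = hierarchy[role]
    perms = set(entry["perms"])
    for parent in entry["inherits"]:
        perms |= effective_permissions(parent, hierarchy, _path | {role})
    return perms

def assignment_counts(hierarchy):
    """(assignments stored with the hierarchy, assignments if roles were flat)."""
    direct = sum(len(e["perms"]) for e in hierarchy.values())
    flat = sum(len(effective_permissions(r, hierarchy)) for r in hierarchy)
    return direct, flat

if __name__ == "__main__":
    print(len(possible_roles({"read", "write", "delete"})), "roles for 3 permissions")
    print(role_count(3, applications=2), "roles across 2 applications")
    for name in HIERARCHY:
        print(name, sorted(effective_permissions(name, HIERARCHY)))
    print("stored vs flat assignments:", assignment_counts(HIERARCHY))
```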

