Software As Service: Role Permission Explosion in Role Base Access Security [RBAC]

Wednesday, August 1, 2007

Role Permission Explosion in Role Base Access Security [RBAC]

Formula: nCr = n! / [(n-r)! r!]

n : Possible Permissions

r : Possible Roles

So for 3 Permissions, possible roles are

3C1+3C2+3C3 = 7

So for 3 permissions, we have 7 possible roles in 1 application. If we have 2 applications then the no of roles will be 14.

Challenge

How to minimize / manage roles?

Solution:

By Grouping

Role Hierarchy
Role Linking

By Enforcing Business Rules

No comments:

Post a Comment

What I do why I do..

``I think that it's extraordinarily important that we in computer science keep fun in computing. When it started out, it was an awful lot of fun. Of course, the paying customers got shafted every now and then, and after a while we began to take their complaints seriously. We began to feel as if we really were responsible for the successful, error-free perfect use of these machines. I don't think we are. I think we're responsible for stretching them, setting them off in new directions, and keeping fun in the house. I hope the field of computer science never loses its sense of fun. Above all, I hope we don't become missionaries. Don't feel as if you're Bible salesmen. The world has too many of those already. What you know about computing other people will learn. Don't feel as if the key to successful computing is only in your hands. What's in your hands, I think and hope, is intelligence: the ability to see the machine as more than when you were first led up to it, that you can make it more.''
Alan J. Perlis (April 1, 1922-February 7, 1990)

Software As Service

Wednesday, August 1, 2007

Role Permission Explosion in Role Base Access Security [RBAC]

No comments:

Subscribe To My Podcast

Abhi@Linkedin

About Me

The CodeProject

Blog Archive

Software radio

What I do why I do..

We did it in 1968...