Changes between Version 11 and Version 12 of Internal/Rbac/OrbitRbacDesign/ResourcesRoles


Ignore:
Timestamp:
Oct 5, 2006, 4:22:02 PM (18 years ago)
Author:
anonymous
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Internal/Rbac/OrbitRbacDesign/ResourcesRoles

    v11 v12  
    11[[TOC(Internal/Rbac, Internal/Rbac/OrbitRbacLevels, Internal/Rbac/OrbitRbacDesign, Internal/Rbac/OrbitRbacDesign/ThreatAnalysis, Internal/Rbac/OrbitRbacDesign/ResourcesRoles, Internal/Rbac/OrbitRbacDesign/ImplementationResearch, Internal/Rbac/OrbitRbacDesign/AuditingTools, Internal/Rbac/OrbitRbacDesign/ConsistencyChecking, Internal/Rbac/OrbitRbacDesign/NistRbacSoftware, Internal/Rbac/OrbitRbacDesign/SolarisRbac, Internal/Rbac/OrbitRbacDesign/OasisRbac, Internal/Rbac/OrbitRbacDesign/xoRbac, Internal/Rbac/OrbitRbacDesign/DesignByWiki, Internal/Rbac/OrbitRbacDesign/OpenIssues, Internal/Rbac/OrbitRbacDesign/WorkToDo, Internal/Rbac/LdapResources, Internal/Rbac/RbacResources)]]
    22==== Resources and Roles ====
    3 Roles are defined by the set of pairs of resources and methods of access to them to which users active in a role will be granted permission (or not).  The roles defined for ORBIT will apply uniformly to each ORBIT project.  There will be no custom roles for specific projects, i.e., it is a completely orthogonal design.  Is it not currently anticipated that there will be any project-specific resources.   Any future project-specific resource first would have to integrated into ORBIT as a service so that access to it as an ORBIT resource could be controlled, then all ORBIT roles would have to be modified, perhaps trivially, to grant or not grant access to each of the service's methods.
     3Roles are defined by the set of methods of using resources to which users active in a role will be granted permission to access.  The roles defined for ORBIT will apply uniformly to each ORBIT project.  There will be no custom roles for specific projects, i.e., it is a completely orthogonal design.
     4
     5Is it not anticipated that there will be any project-specific resources.   Any future project-specific resource first would have to integrated into ORBIT as a service so that access to it as an ORBIT resource could be controlled. Second all ORBIT roles would have to be modified, perhaps trivially, to grant or not grant access to each of the service's methods.
    46
    57The design of the ORBIT RBAC resources and roles needs to be as extenisble as possible regarding adding resources.