Menus

Saturday 1 August 2015

Role-Based Access Control (RBAC)



Role-Based Access Control (RBAC) provides a simple yet powerful centralized access control.

Using RBAC involves two parts of work. The first part is to build up the RBAC authorization data, and the second part is to use the authorization data to perform access check in places where it is needed.

Basic Concepts

A role represents a collection of permissions (e.g. creating posts, updating posts). A role may be assigned to one or multiple users. To check if a user has a specified permission, we may check if the user is assigned with a role that contains that permission.

Associated with each role or permission, there may be a rule. A rule represents a piece of code that will be executed during access check to determine if the corresponding role or permission applies to the current user. For example, the “update post” permission may have a rule that checks if the current user is the post creator. During access checking, if the user is NOT the post creator, he/she will be considered not having the “update post” permission.


Yii2 Lesson RBAC Part I
Yii2 Lesson RBAC Part II


 Implementing a role based access control is a very easy process and you can even load your roles from the database if you want.

 Creating necessary tables in the database

 

drop table if exists `auth_assignment`;
drop table if exists `auth_item_child`;
drop table if exists `auth_item`;
drop table if exists `auth_rule`;

create table `auth_rule`
(
`name` varchar(64) not null,
`data` text,
`created_at` integer,
`updated_at` integer,
    primary key (`name`)
) engine InnoDB;

create table `auth_item`
(
`name` varchar(64) not null,
`type` integer not null,
`description` text,
`rule_name` varchar(64),
`data` text,
`created_at` integer,
`updated_at` integer,
primary key (`name`),
foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade,
key `type` (`type`)
) engine InnoDB;

create table `auth_item_child`
(
`parent` varchar(64) not null,
`child` varchar(64) not null,
primary key (`parent`, `child`),
foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade,
foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

create table `auth_assignment`
(
`item_name` varchar(64) not null,
`user_id` varchar(64) not null,
`created_at` integer,
primary key (`item_name`, `user_id`),
foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;






Setting up the config file

 
This is done by adding the following lines to the components section of your config file





'authManager' => [


                           'class' => 'yii\rbac\DbManager',


                           'defaultRoles' => ['guest'],


          ],









Building authorization data is all about the following tasks:



 • defining roles and permissions;

 • establishing relations among roles and permissions;

 • defining rules;

 • associating rules with roles and permissions;



 • assigning roles to users.


























Posted by



at







































No comments:















Post a Comment


















        

      









Subscribe to:
Post Comments (Atom)