Fine grained access control


#1

Hi,

I’m building an application which is going to require quite fine grained
access control. Deciding if a user is allowed to access an action will
probably require checking quite a number of different rules, so a simple
role-based system won’t be flexible enough.

The approach I think I will try first is, if it’s possible, to ignore
permission issues inside the actions. I think this may be achievable by
using quite a complicated before_filter to decide if the current user is
allowed to execute this action with the given parameters.

Anyway, if anyone could lend a bit of their experience, or possibly even
better, recommend some resources which cover building larger permissions
systems (books, articles etc…) I’d be very grateful.

Thanks, Jonathan.
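
Added example, not part of the original post and not code from any poster in this thread: one way to keep permission logic out of the actions, as the post above proposes, is a single deny-by-default decision function that a `before_filter` calls with the user, action and parameters. It is plain Ruby so it runs without Rails; the `AccessPolicy` class, the rule names and the sample documents are all assumptions.

```ruby
# Added example: central, deny-by-default authorization check of the kind a
# Rails before_filter could call. Plain Ruby so it runs without Rails; the
# AccessPolicy class, rule names and sample data are all hypothetical.
class AccessPolicy
  Rule = Struct.new(:name, :check)

  def initialize
    @rules = Hash.new { |h, k| h[k] = [] } # [controller, action] => [Rule]
  end

  # Register a named rule; every rule registered for an action must pass.
  def rule(controller, action, name, &check)
    @rules[[controller, action]] << Rule.new(name, check)
  end

  # Returns [allowed, reason]. Unlisted actions and raising rules are denied.
  def decide(user, controller, action, params)
    key = [controller, action]
    return [false, "no rule for #{controller}##{action}"] unless @rules.key?(key)
    @rules[key].each do |r|
      ok = begin
        r.check.call(user, params)
      rescue StandardError
        false # fail closed: bad ids, missing records, nil users
      end
      return [false, "failed: #{r.name}"] unless ok
    end
    [true, "ok"]
  end
end

# Constructed sample data: documents with an owner and a locked flag.
DOCS = { 1 => { owner: "alice", locked: false },
         2 => { owner: "bob", locked: true } }.freeze

POLICY = AccessPolicy.new
POLICY.rule(:documents, :show, "logged in") { |u, _p| !u.nil? }
POLICY.rule(:documents, :update, "logged in") { |u, _p| !u.nil? }
POLICY.rule(:documents, :update, "owner or admin") do |u, p|
  u[:admin] || DOCS.fetch(Integer(p[:id]))[:owner] == u[:name]
end
POLICY.rule(:documents, :update, "not locked") do |u, p|
  u[:admin] || !DOCS.fetch(Integer(p[:id]))[:locked]
end

# What the filter would do: one decision before the action body runs.
def authorize(user, controller, action, params)
  POLICY.decide(user, controller, action, params)
end
```

Returning the name of the failed rule alongside the decision gives the filter something to log, which helps when many rules apply to one action.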


#2

Anyway, if anyone could recommend some resources which cover building larger permissions systems (books, articles etc…) I’d be very grateful.

Ditto.

I discovered what we are talking about is known as RBAC: Role-Based
Access Control. There are several discussions at Sitepoint on the topic.

Regards

Tony Green


#3

Ack… a bit tired… that should be “gem install
model_security_generator”.


#4

AC Green wrote:

Tony Green

Bruce P. wrote an RBAC called ModelSecurity. It’s available as a gem:

gem install model_security

Here’s the site:

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

b


#5

AC Green wrote:

Anyway, if anyone could recommend some resources which cover building larger permissions systems (books, articles etc…) I’d be very grateful.

I discovered what we are talking about is known as RBAC: Role-Based
Access Control. There are several discussions at Sitepoint on the topic.

See https://activerbac.turingstudio.com/
It implements RBAC for Rails.