Fine grained access control

Hi,

I’m building an application which is going to require quite fine grained
access control. Deciding if a user is allowed to access an action will
probably require checking quite number of different rules, so a simple
role-based system won’t be flexible enough.

The approach I think I will try first is, if it’s possible, to ignore
permission issues inside the actions. I think this may be achievable by
using quite a complicated before_filter to decide if the current user is
allowed to execute this action with the given parameters.

Anyway, if anyone could lend a bit of their experience, or possibly even
better, recommend some resources which cover building larger permissions
systems (books, articles etc…) I’d be very grateful.

Thanks, Jonathan.

Anyway, if anyone could recommend some resources which cover building larger permissions systems (books, articles etc…) I’d be very grateful.

Ditto.

I discovered what we are talking about is known as RBAC : Role-Based
Access Control. There are several discussion at Sitepoint on the topic.

Regards

Tony Green

Ack… a bit tired… that should be “gem install
model_security_generator”.

AC Green wrote:

Tony Green

Bruce P. wrote a RBAC called ModelSecurity. It’s available as a gem:

gem install model_security

Here’s the site:

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

b

AC Green a écrit :

Anyway, if anyone could recommend some resources which cover building larger permissions systems (books, articles etc…) I’d be very grateful.

I discovered what we are talking about is known as RBAC : Role-Based
Access Control. There are several discussion at Sitepoint on the topic.

See https://activerbac.turingstudio.com/
It implements RBAC for rails.