Access control

Questions

5 steps to RBAC

What is Role Based Access Control (RBAC) and why do we care?

RBAC is a method of controlling access to resources based on the roles of users within an organization. We care about RBAC because it helps ensure that users only have access to what they need.

Describe a Role/Permission hierarchy that you might implement using RBAC.

A role/permission hierarchy that you might implement using RBAC could include levels such as administrator, manager, and user, with different permissions assigned to each level.

What approach might you take to implement RBAC?

To implement RBAC, I would start by identifying the roles and permissions needed and, as users are made, assign them a role.

wiki - RBAC

If Authentication is “you are who you say you are,” what is Authorization?

Authorization is the process of granting or denying access to specific resources based on a user’s identity and permissions.

Name three primary rules defined for RBAC.

Role assignment, role authorization, and permission authorization.
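
The three rules named above, enforced over the administrator/manager/user hierarchy from the earlier answer, as an added example that is not part of the original notes. The permission names (read, create, update, delete) and the `Session` class are assumptions made for illustration.

```python
# Added example: role and permission names are constructed for illustration.
ROLE_PERMISSIONS = {
    "user": {"read"},
    "manager": {"create", "update"},
    "administrator": {"delete"},
}
# Hierarchy: each role inherits from the role listed as its value.
INHERITS = {"administrator": "manager", "manager": "user", "user": None}


class AccessDenied(Exception):
    pass


def effective_permissions(role):
    """Collect a role's own permissions plus everything it inherits."""
    perms = set()
    while role is not None:
        perms |= ROLE_PERMISSIONS[role]
        role = INHERITS[role]
    return perms


class Session:
    """An authenticated subject; authorization starts only after login."""

    def __init__(self, username, authorized_roles):
        unknown = set(authorized_roles) - ROLE_PERMISSIONS.keys()
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.username = username
        self.authorized_roles = set(authorized_roles)
        self.active_role = None

    def activate(self, role):
        # Rule 2, role authorization: the active role must be one the
        # subject has been authorized for.
        if role not in self.authorized_roles:
            raise AccessDenied(f"{self.username} is not authorized for {role!r}")
        self.active_role = role

    def check(self, permission):
        # Rule 1, role assignment: no active role means no permissions at all.
        if self.active_role is None:
            raise AccessDenied(f"{self.username} has no active role")
        # Rule 3, permission authorization: the permission must belong to
        # the active role, directly or through the hierarchy.
        if permission not in effective_permissions(self.active_role):
            raise AccessDenied(f"{self.active_role!r} lacks {permission!r}")
        return True
```

Permissions are looked up from the active role only, so changing what a manager may do is one edit to `ROLE_PERMISSIONS` rather than an edit per user.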

Describe RBAC to a non-technical friend.

RBAC is like checking IDs at the base gate.

RBAC tutorial

What are access rights associated with? The user? Or the role? Explain.

Access rights are typically associated with the role of a user, rather than the user themselves. This means that users are granted access to resources based on the permissions associated with their role within the organization.

Access Rights, or Authorization, is activated after a user successfully does what?

Access rights, or authorization, is activated after a user successfully authenticates.

Explain how RBAC might benefit a business.

RBAC can benefit a business by helping to ensure that users only have access to the resources that they need to do their jobs, and that sensitive things are protected.

What are your learning goals after reading and reviewing the class README?

My learning goals are to learn how to fluently implement everything we’ve learned, and are going to learn, in one application.