Zum Hauptinhalt springen

Unterstützte Modelle

  1. ACL (Zugriffskontrollliste)
  2. ACL mit Superuser
  3. ACL without users: This is especially useful for systems that don't have authentication or user logins.
  4. ACL without resources: In some scenarios, the target is a type of resource instead of an individual resource. Permissions like "write-article" and "read-log" can be used. This doesn't control access to a specific article or log.
  5. RBAC (Rollenbasierte Zugriffssteuerung)
  6. RBAC with resource roles: Both users and resources can have roles (or groups) at the same time.
  7. RBAC with domains/tenants: Users can have different sets of roles for different domains/tenants.
  8. ABAC (Attribute-Based Access Control): Syntax sugar like "resource.Owner" can be used to get the attribute for a resource.
  9. RESTful: Supports paths like "/res/*", "/res/:id", and HTTP methods like "GET", "POST", "PUT", "DELETE".
  10. Deny-override: Both allow and deny authorizations are supported, where deny overrides allow.
  11. Priority: The policy rules can be prioritized, similar to firewall rules.

Beispiele

ModellModelldateiRichtlinien-Datei
ACLbasic_model.confbasic_policy.csv
ACL mit Superuserbasic_mit_root_model.confbasic_policy.csv
ACL ohne Benutzerbasic_without_users_model.confbasic_ohne Benutzer_policy.csv
ACL ohne Ressourcenbasic_without_resources_model.confbasic_ohne Ressourcen_policy.csv
RBACrbac_model.confrbac_policy.csv
RBAC mit Ressourcen-Rollenrbac_with_resource_roles_model.confrbac_with_resource_roles_policy.csv
RBAC mit Domänen/Mandantenrbac_with_domains_model.confrbac_mit_domains_policy.csv
ABACabac_model.confN/A
Ruhenkeymatch_model.confkeymatch_policy.csv
Verweigerung überschreibenrbac_with_no_deny_model.confrbac_mit_deny_policy.csv
Zulassen und verweigernrbac_with_deny_model.confrbac_mit_deny_policy.csv
Prioritätpriority_model.confpriority_policy.csv
Explizite Prioritätprioritär_model_explizitpriority_policy_explicit.csv
Betreff-Prioritättheme_priority_model.confpriority_policyl.csv