Casbin RBAC vs. RBAC96
Casbin RBAC et RBAC96
This document compares Casbin RBAC with RBAC96.
Casbin RBAC implements nearly all RBAC96 features while adding enhancements.
| Version RBAC | Niveau de support | Description |
|---|---|---|
| RBAC0 | Entièrement pris en charge | RBAC0 provides basic RBAC96 functionality, defining relationships between Users, Roles, and Permissions. |
| RBAC1 | Entièrement pris en charge | RBAC1 extends RBAC0 with role hierarchies. When alice has role1 and role1 has role2, then alice inherits role2 and its permissions. |
| RBAC2 | Gestion des exclusivités mutuelles prise en charge (comme ceci) | RBAC2 adds constraints to RBAC0, enabling mutually exclusive policy handling. Quantitative limits are unsupported. |
| RBAC3 | Gestion des exclusivités mutuelles prise en charge (comme ceci) | RBAC3 combines RBAC1 and RBAC2, supporting both role hierarchies and constraints. Quantitative limits are unsupported. |
La différence entre Casbin RBAC et RBAC96
-
Casbin handles User-Role distinction less strictly than RBAC96.
Casbin treats both Users and Roles as strings. Consider this policy:
p, admin, book, read
p, alice, book, read
g, amber, adminCalling
GetAllSubjects()on a Casbin Enforcer:e.GetAllSubjects()returns:
[admin alice]Casbin includes both Users and Roles as subjects.
However, calling
GetAllRoles():e.GetAllRoles()returns:
[admin]Casbin distinguishes Users from Roles, but less strictly than RBAC96. Add prefixes like
user::aliceandrole::adminto clarify relationships. -
Casbin RBAC offers more flexible permissions than RBAC96.
RBAC96 defines seven permissions: read, write, append, execute, credit, debit, and inquiry.
Casbin treats permissions as strings, letting you define permissions matching your requirements.
-
Casbin RBAC prend en charge les domaines.
Casbin enables domain-based authorization, providing greater Access Control Model flexibility.