Lewati ke konten utama

Super Admin

The Super Admin represents the system-wide administrator. This concept can be applied in models such as RBAC, ABAC, and RBAC with domains. Here is a detailed example:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"

This example demonstrates how Casbin evaluates whether a request matches a policy using the defined request_definition, policy_definition, policy_effect, and matchers. The key check is whether the sub equals "root". When this condition is true, authorization is granted, allowing the user to perform any action.

Similar to the root user in Linux systems, a user with root privileges can access all files and modify all settings. To grant a subject complete system access, assign it the Super Admin role, which provides unrestricted permissions across the entire system.