Supported Models
- ACL (Access Control List)
- ACL with superuser
- ACL without users: This is especially useful for systems that don't have authentication or user logins.
- ACL without resources: In some scenarios, the target is a type of resource instead of an individual resource. Permissions like "write-article" and "read-log" can be used. This doesn't control access to a specific article or log.
- RBAC (Role-Based Access Control)
- RBAC with resource roles: Both users and resources can have roles (or groups) at the same time.
- RBAC with domains/tenants: Users can have different sets of roles for different domains/tenants.
- ABAC (Attribute-Based Access Control): Syntax sugar like "resource.Owner" can be used to get the attribute for a resource.
- RESTful: Supports paths like "/res/*", "/res/:id", and HTTP methods like "GET", "POST", "PUT", "DELETE".
- Deny-override: Both allow and deny authorizations are supported, where deny overrides allow.
- Priority: The policy rules can be prioritized, similar to firewall rules.
Examples
Model | Model file | Policy file |
---|---|---|
ACL | basic_model.conf | basic_policy.csv |
ACL with superuser | basic_with_root_model.conf | basic_policy.csv |
ACL without users | basic_without_users_model.conf | basic_without_users_policy.csv |
ACL without resources | basic_without_resources_model.conf | basic_without_resources_policy.csv |
RBAC | rbac_model.conf | rbac_policy.csv |
RBAC with resource roles | rbac_with_resource_roles_model.conf | rbac_with_resource_roles_policy.csv |
RBAC with domains/tenants | rbac_with_domains_model.conf | rbac_with_domains_policy.csv |
ABAC | abac_model.conf | N/A |
RESTful | keymatch_model.conf | keymatch_policy.csv |
Deny-override | rbac_with_not_deny_model.conf | rbac_with_deny_policy.csv |
Allow-and-deny | rbac_with_deny_model.conf | rbac_with_deny_policy.csv |
Priority | priority_model.conf | priority_policy.csv |
Explicit Priority | priority_model_explicit | priority_policy_explic.csv |
Subject-Priority | subject_priority_model.conf | subject_priority_policyl.csv |
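
The two deny-related rows in the table differ in what happens when no rule matches a request, which the sketch below makes concrete (an added example, not code from Casbin and not using its library). It assumes the rows correspond to Casbin's effect expressions `!some(where (p.eft == deny))` and `some(where (p.eft == allow)) && !some(where (p.eft == deny))`; the `Rule` type, the policy rows and the function names are constructed for illustration.

```go
package main

import "fmt"

// Rule is one policy line of the form p = sub, obj, act, eft (hypothetical type).
type Rule struct{ Sub, Obj, Act, Eft string }

// Constructed sample policy: alice may read data1; her write is both allowed and denied.
var policy = []Rule{
	{"alice", "data1", "read", "allow"},
	{"alice", "data1", "write", "allow"},
	{"alice", "data1", "write", "deny"},
}

// effects reports whether any matching rule allows and whether any matching rule denies.
// The matcher is plain equality: r.sub == p.sub && r.obj == p.obj && r.act == p.act.
func effects(sub, obj, act string) (anyAllow, anyDeny bool) {
	for _, p := range policy {
		if p.Sub != sub || p.Obj != obj || p.Act != act {
			continue
		}
		if p.Eft == "deny" {
			anyDeny = true
		} else {
			anyAllow = true
		}
	}
	return
}

// DenyOverride mirrors e = !some(where (p.eft == deny)): allowed unless a deny rule matches.
func DenyOverride(sub, obj, act string) bool {
	_, d := effects(sub, obj, act)
	return !d
}

// AllowAndDeny mirrors e = some(where (p.eft == allow)) && !some(where (p.eft == deny)).
func AllowAndDeny(sub, obj, act string) bool {
	a, d := effects(sub, obj, act)
	return a && !d
}

func main() {
	reqs := [][3]string{{"alice", "data1", "read"}, {"alice", "data1", "write"}, {"bob", "data2", "read"}}
	for _, r := range reqs {
		fmt.Println(r, "deny-override:", DenyOverride(r[0], r[1], r[2]), "allow-and-deny:", AllowAndDeny(r[0], r[1], r[2]))
	}
}
```

A request that matches no rule (bob reading data2) is permitted under the first expression and refused under the second, so the first form behaves as default-allow and needs an explicit deny for everything that must be blocked.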