Supported Models

ACL (访问控制列表)
带有超级用户的ACL
无用户的ACL：这对于没有身份验证或用户登录的系统特别有用。
无资源的ACL：在某些情况下，目标是一种资源类型，而不是单个资源。可以使用像"write-article"和"read-log"这样的权限。这并不控制对特定文章或日志的访问。
RBAC (基于角色的访问控制)
带有资源角色的RBAC：用户和资源同时可以拥有角色（或组）。
带有域/租户的RBAC：用户可以为不同的域/租户拥有不同的角色集。
ABAC (基于属性的访问控制)：可以使用类似"resource.Owner"的语法糖来获取资源的属性。
BLP (Bell-LaPadula): A formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects.
Biba (Biba Integrity Model): A computer security model that restricts information flow in a system to prevent unauthorized disclosure of classified information.
LBAC (Lattice-Based Access Control): A formal access control model that combines confidentiality and integrity controls in a unified framework, implementing a lattice structure for granular access control decisions.
RESTful：支持像"/res/*"，"/res/:id"这样的路径，以及像"GET"，"POST"，"PUT"，"DELETE"这样的HTTP方法。
IP Match: Supports IP address matching for network-based access control.
拒绝优先：同时支持允许和拒绝授权，其中拒绝优先于允许。
优先级：策略规则可以设置优先级，类似于防火墙规则。

示例

模型	模型文件	策略文件
ACL	basic_model.conf	basic_policy.csv
带有超级用户的ACL	basic_with_root_model.conf	basic_policy.csv
无用户的ACL	basic_without_users_model.conf	basic_without_users_policy.csv
无资源的ACL	basic_without_resources_model.conf	basic_without_resources_policy.csv
RBAC	rbac_model.conf	rbac_policy.csv
带资源角色的RBAC	rbac_with_resource_roles_model.conf	rbac_with_resource_roles_policy.csv
带有域/租户的RBAC	rbac_with_domains_model.conf	rbac_with_domains_policy.csv
ReBAC	rebac_model.conf	rebac_policy.csv
ABAC	abac_model.conf	N/A
BLP	blp_model.conf	N/A
Biba	biba_model.conf	N/A
LBAC	lbac_model.conf	N/A
IP Match	ipmatch_model.conf	ipmatch_policy.csv
RESTful	keymatch_model.conf	keymatch_policy.csv
拒绝覆盖	rbac_with_not_deny_model.conf	rbac_with_deny_policy.csv
允许和拒绝	rbac_with_deny_model.conf	rbac_with_deny_policy.csv
优先级	priority_model.conf	priority_policy.csv
明确的优先级	priority_model_explicit	priority_policy_explicit.csv
主题优先级	subject_priority_model.conf	subject_priority_policyl.csv

示例​

示例