Permissions design pattern that allows date-based access

Question

I am looking at ways to implement an authorization (not authentication) scheme in my app.

There are currently two roles in the system: A and B, but there may be more. Users only have one role.

Basically, the way I have it set up now is with two database tables. One is for role-based permissions on a model, and the other is for specific user-based permissions. I am thinking that this way, users can have a set of default permissions based on their role-based permissions, but then they can also have specific permissions granted/revoked.

So, for example:

table: user_permissions
columns:
    user_id: [int]
    action: [string]
    allowed: [boolean]
    model_id: [int]
    model_type: [string]

table: role_permissions
columns:
    role: [int]
    action: [string]
    model_type: [string]        

In the user_permissions table, the allowed field specifies whether the action is allowed or not, so that permissions can be revoked if this value is 0.

In another table, I have the definitions for each action:

table: model_actions
columns:
    action: [string]
    bitvalue: [int]
    model_type: [string]

I do this so that when I check permissions on a model, for example ['create', 'delete'], I can use a bitwise and operation to compare the user's permissions to the permissions I am checking. For example, a model X could have the following model_actions:

action: 'create'
bitvalue: 4
model_type: X

action: 'delete'
bitvalue: 2
model_type: X

action: 'view'
bitvalue: 1
model_type: X

If my user/role permissions specify that the create, view, and delete actions for the model X are 1, 0, and 1, respectively, then this is represented as 110 based on the model_actions table. When I check if I can create model X, I use the fact that create is 4 to construct the bitarray 100. If the bitwise AND operation of 110 and 100 is 100, then the permission is valid.

ANYWAY, I think I have a granular permissions design pattern figured out. If not PLEASE feel free to educate me on the subject.

The actual focus of my question concerns the following:

Some of my models have actions that are time-dependent. For example, you can only delete a model Y no more than 24 hours after its created_at date.

What I am thinking is to automatically create a cron job when the model is created that will update the permissions on the date that this occurs. In the case of model Y, I would want to insert a record into the user_permissions that revokes the 'delete' action of this model.

My question is: is this advisable?

What if I include another row in the SQL tables, that specifies a date for the permission to 'flip' (flipDate)? If a flipDate is defined, and if the current date is after the flip date, the permission is reversed. This seems much easier to manage than a series of cron jobs, especially when models may be updated.
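The bitmask check and the flipDate idea from the question, evaluated at check time instead of by a scheduled job. This is an added example, not code from the original post; the `flip_date` column, the sample rows, the timestamps and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Bit values from the question's model_actions table for model X.
MODEL_ACTIONS = {"X": {"create": 4, "delete": 2, "view": 1}}

CREATED_AT = datetime(2024, 1, 1, 12, 0)  # constructed sample timestamp

# Constructed sample rows; flip_date is the extra column the question proposes.
ROLE_PERMISSIONS = [
    {"role": 1, "action": "create", "model_type": "X"},
    {"role": 1, "action": "delete", "model_type": "X"},
]
USER_PERMISSIONS = [
    {"user_id": 42, "action": "delete", "allowed": True, "model_id": 7,
     "model_type": "X", "flip_date": CREATED_AT + timedelta(hours=24)},
]


def effective_mask(user_id, role, model_type, model_id, now):
    """Role defaults first, then per-user overrides, reversed after flip_date."""
    bits = MODEL_ACTIONS[model_type]
    mask = 0
    for row in ROLE_PERMISSIONS:
        if row["role"] == role and row["model_type"] == model_type:
            mask |= bits[row["action"]]
    for row in USER_PERMISSIONS:
        key = (row["user_id"], row["model_type"], row["model_id"])
        if key != (user_id, model_type, model_id):
            continue
        allowed = row["allowed"]
        if row["flip_date"] is not None and now > row["flip_date"]:
            allowed = not allowed  # decided at check time, no cron job involved
        if allowed:
            mask |= bits[row["action"]]
        else:
            mask &= ~bits[row["action"]]
    return mask


def is_allowed(user_id, role, model_type, model_id, actions, now):
    """True only if every requested action bit is set in the effective mask."""
    required = 0
    for action in actions:
        required |= MODEL_ACTIONS[model_type][action]
    mask = effective_mask(user_id, role, model_type, model_id, now)
    return (mask & required) == required
```

Because `now` is passed in by the caller, the decision depends only on the server's clock at the moment of the check, and editing a model's dates needs no rescheduling.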

Recommended answer

Your models seem fine, but... you are reinventing the wheel a bit and, as you realized yourself, your model is not flexible enough to cater for additional parameters e.g. time.

In the history of authorization, there is a traditional, well-accepted model, called role-based access control (RBAC). That model works extremely well when you have a clearly defined set of roles and a hierarchy between these roles.

However, when the hierarchy isn't as clear or when there are relationships (e.g. a doctor-patient relationship) or when there are dynamic attributes (such as time, location, IP...), RBAC doesn't work well. A new model emerged a few years back called attribute-based access control (ABAC). In a way, it's an evolution or generalization of RBAC. With ABAC, you can define authorization logic in terms of attributes. Attributes are a set of key-value pairs that describe the user, the action, the resource, and the context. With attributes, you can describe any number of authorization situations such as:


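  • A doctor can view a patient's medical record between 9 AM and 5 PM if and only if the patient is assigned to that doctor.
  • A nurse can edit a patient's medical record if and only if the patient belongs to the same clinic as the nurse.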

ABAC enables what one could call PBAC or policy-based access control since now the authorization logic moves away from proprietary code and database schemes into a set of centrally managed policies. The de-facto standard for these policies is XACML, the eXtensible Access Control Markup Language.

In a nutshell, XACML lets you do what you are looking for in a technology-neutral way, in a decoupled, externalized way. It means, you get to define authorization once and enforce it everywhere it matters.

I recommend you check out these great resources on the topic:

  • NIST's website on RBAC (the older model)
  • NIST's website on ABAC (the model you need)
  • the OASIS XACML Technical Committee website (the standard that implements ABAC)
  • Gartner's Externalized Authorization Management
  • Kuppinger Cole's Dynamic Authorization Management
  • The ALFA plugin for Eclipse, a tool to write attribute-based policies.
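The attribute-based approach described in this answer, sketched in plain Python with the two example rules plus the question's 24-hour delete rule. This is an added example, not code from the answer and not XACML; the attribute names, rule functions and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta


def doctor_views_assigned_patient(user, action, resource, ctx):
    return (user["role"] == "doctor" and action == "view"
            and resource["type"] == "medical_record"
            and resource["assigned_doctor"] == user["id"]
            and 9 <= ctx["now"].hour < 17)  # 9 AM up to, not including, 5 PM


def nurse_edits_same_clinic(user, action, resource, ctx):
    return (user["role"] == "nurse" and action == "edit"
            and resource["type"] == "medical_record"
            and resource["clinic"] == user["clinic"])


def delete_y_within_24h(user, action, resource, ctx):
    # The question's time-dependent rule: no stored permission row changes.
    if action != "delete" or resource["type"] != "Y":
        return False
    age = ctx["now"] - resource["created_at"]
    return timedelta(0) <= age <= timedelta(hours=24)


POLICIES = [doctor_views_assigned_patient, nurse_edits_same_clinic,
            delete_y_within_24h]


def decide(user, action, resource, ctx):
    """Permit if any rule matches; deny by default. ctx['now'] is the server clock."""
    for rule in POLICIES:
        try:
            if rule(user, action, resource, ctx):
                return True
        except KeyError:
            continue  # a missing attribute means this rule cannot permit
    return False


# Constructed sample subjects and resources.
DOCTOR = {"id": "d1", "role": "doctor"}
NURSE = {"id": "n1", "role": "nurse", "clinic": "north"}
RECORD = {"type": "medical_record", "assigned_doctor": "d1", "clinic": "north"}
MODEL_Y = {"type": "Y", "created_at": datetime(2024, 1, 1, 12, 0)}
```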
