
I am trying to implement RBAC in a system, but I ended up creating an ACL instead due to my low understanding of this architecture.

What I already have implemented:

  • Created User model.
  • Created Groups with different permissions from User model.
  • Designated each user to each group based on their permissions.

For instance, there are two groups: one is the `admin_group`, with create, delete, view and change permissions for the User model. The second one is the `applicant_group`, with only view and create permissions, also for the User model.

My question is: if I add roles to the User model and assign each role to each group, will it be a role-based access control architecture, or will it still be an ACL?

What are the steps I should implement to provide a simple RBAC from the ACL, or is it not possible?

Elias Prado
  • Might get more response on security.stackexchange.com. A model can be limited RBAC and ACL at the same time. – joshp May 31 '21 at 21:54
  • Thank you for your comment @joshp. I will keep studying here since I don't get a bright idea. – Elias Prado Jun 03 '21 at 17:37

0 Answers