Role-based security implementation in LDAP

前端 未结 3 2140
野趣味
野趣味 2021-02-15 23:26

I\'m working on role-based security implementation in LDAP and Java. Specifically, I have the following objects that I need to represent in LDAP:

  • Users
  • Co
3条回答
  •  后悔当初
    2021-02-16 00:04

    One more option: check out attribute-based access control (abac). ABAC is an evolution of RBAC. It uses attributes (which are labels about the user, the resource, the context) and policies to determine what is allowed and what isn't.

    Example: A user with the role==manager in the department==sales can do the action==edit on a document of type==purchase order if the PO's amount<=the user's approval limit.

    You can read more on ABAC at the NIST website.

提交回复
热议问题