
Role-based Access Control (RBAC)

Is anyone aware of robust software, suited to a preexisting PHP
application, that handles permissions for various types of requests by
role rather than user ID? I'm speaking of maintaining/editing the
permissions and deciding on the requests, but either "half" of the
solution might be useful.

Sorry, but adopting a whole application framework is out of the question.

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 28 '06 #1
Michael Vilain <vi****@spamcop.net> writes:

> In article <pc*************@panix1.panix.com>,
> Lewis Perin <pe***@panix.com> wrote:
>
>> Is anyone aware of robust software, suited to a preexisting PHP
>> application, that handles permissions for various types of requests by
>> role rather than user ID? I'm speaking of maintaining/editing the
>> permissions and deciding on the requests, but either "half" of the
>> solution might be useful.
>>
>> Sorry, but adopting a whole application framework is out of the question.
>
> If you're running php scripts in the command line rather than on a
> web-server, you might benefit from running from within RBAC (on Solaris,
> no?) or sudo (close enough to have 7 alleles in common).
>
> But if you're running from the web, your process runs under the web
> server's UID. I fail to see how RBAC might help in that situation.

I didn't mean RBAC, the Solaris concept of fine-grained superuser
privileges; I meant RBAC, the more general concept of role-based
access control, in this case applied to the user roles, operations,
and resources within a Web-based PHP application.

> What are you attempting to achieve here rather than asking about a
> specific solution?

To control different types of users' (that is, users of the application
- nothing in particular to do with users known to the OS) access to
different operations on different subsets of the data under the
application's jurisdiction.

(By being this abstract, I'm not trying to be mysterious; I'm just
trying to state the problem clearly.)

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 28 '06 #2
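
The request-deciding "half" described in this post (application users mapped to roles, roles granted operations on subsets of the data), as an added example that is not code from any poster in this thread or from any package named in it. Every user, role, operation and subset name, and the function `isAllowed`, is constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical policy: role => operation => data subsets it may touch.
// '*' is this example's own wildcard meaning "every subset".
$policy = [
    'editor'  => ['read' => ['articles', 'drafts'], 'update' => ['drafts']],
    'auditor' => ['read' => ['articles', 'audit_log']],
    'admin'   => ['read' => ['*'], 'update' => ['*'], 'delete' => ['*']],
];

// Hypothetical assignments of application users (not OS users) to roles.
$userRoles = [
    'alice' => ['editor'],
    'bob'   => ['auditor'],
    'carol' => ['editor', 'auditor'],
];

/**
 * Allow only if one of the user's roles grants the operation on the
 * subset. Unknown users, roles, operations and subsets are all denied.
 */
function isAllowed(array $policy, array $userRoles,
                   string $user, string $operation, string $subset): bool
{
    foreach ($userRoles[$user] ?? [] as $role) {
        $subsets = $policy[$role][$operation] ?? [];
        if (in_array($subset, $subsets, true) || in_array('*', $subsets, true)) {
            return true;
        }
    }
    return false; // deny by default
}

// Constructed sample requests: [user, operation, subset].
$requests = [
    ['alice',   'update', 'drafts'],
    ['alice',   'update', 'articles'],
    ['bob',     'read',   'audit_log'],
    ['carol',   'read',   'audit_log'],
    ['mallory', 'read',   'articles'],
];
foreach ($requests as [$user, $op, $subset]) {
    $verdict = isAllowed($policy, $userRoles, $user, $op, $subset) ? 'ALLOW' : 'DENY';
    printf("%-8s %-7s %-10s %s\n", $user, $op, $subset, $verdict);
}
```

Because the check never refers to a user ID directly, editing permissions means editing `$policy` and `$userRoles` only; the call sites in the application stay unchanged.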
hmm
In article <vi**************************@comcast.dca.giganews.com>,
vi****@spamcop.net says...

> To control different types of users' (that is, users of the application
> - nothing in particular to do with users known to the OS) access to
> different operations on different subsets of the data under the
> application's jurisdiction.

group privileges ?
Nov 29 '06 #3

If you can somehow export the privileges (and roles, if existing)
structure to a text file, you can use Eurekify's software to analyze
it, engineer/re-engineer the roles, cleanup, check for compliance, etc.
Take a look at http://www.eurekify.com

hm*@eh.com wrote:
> In article <vi**************************@comcast.dca.giganews.com>,
> vi****@spamcop.net says...
>
>> To control different types of users' (that is, users of the application
>> - nothing in particular to do with users known to the OS) access to
>> different operations on different subsets of the data under the
>> application's jurisdiction.
>
> group privileges ?
Nov 29 '06 #4
hm*@eh.com writes:

> In article <vi**************************@comcast.dca.giganews.com>,
> vi****@spamcop.net says...
>
>> To control different types of users' (that is, users of the application
>> - nothing in particular to do with users known to the OS) access to
>> different operations on different subsets of the data under the
>> application's jurisdiction.

Actually, that was me.

> group privileges ?

You might call it that, but please see above.

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 29 '06 #5
Lewis Perin <pe***@panix.com> writes:

> Is anyone aware of robust software, suited to a preexisting PHP
> application, that handles permissions for various types of requests by
> role rather than user ID? I'm speaking of maintaining/editing the
> permissions and deciding on the requests, but either "half" of the
> solution might be useful.
>
> Sorry, but adopting a whole application framework is out of the question.

Cringing about following up my own post, I wonder if anyone out there
can talk from experience about using LiveUser?

/Lew
---
Lew Perin / pe***@acm.org
http://www.panix.com/~perin/babelcarp.html
Nov 29 '06 #6
