Reading Class 34: Login and Auth - mwilkin-401-advanced-javascript/bend-javascript-401d2 GitHub Wiki
What is RBAC?
Role-Based Access Control (RBAC) is the idea of assigning access to users based on their role in an organization.
- Every user may have different roles, and therefore different capabilities and different access.
- Capabilities are actions such as create, read, update and delete: the typical CRUD operations.
Utilizing RBAC to support and enable login authentication and authorization is a common and effective pattern for ensuring security and control.
This system provides a way to grant tiered levels of access and capabilities to end users that are appropriate to their needs.
Typically, users are grouped into roles based on common responsibilities and needs. You then assign one or more roles to each user and one or more permissions to each role.
Management can be narrowed down to the individual, to groups, or both. A user may be a member of multiple groups, either on a permanent or a temporary basis.
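As an added illustration (not code from the course wiki), here is the user/role/permission model described above in plain JavaScript: roles carry CRUD capabilities, a user can hold several roles, some of them time-limited, and a default-deny check plus an Express-style middleware enforce it. The role names, user names, and the `req.user` convention are assumptions.

```javascript
// Added example, not code from the course wiki. Roles map to CRUD-style capability
// sets and each user holds one or more role assignments, optionally time-limited.
const roles = {
  reader: new Set(['read']),
  editor: new Set(['read', 'update']),
  admin:  new Set(['create', 'read', 'update', 'delete']),
};

// Constructed sample users. An assignment is { role, expires? } where
// `expires` is a Unix-ms timestamp; omitting it means permanent membership.
const users = {
  alice: [{ role: 'reader' }],
  bob:   [{ role: 'reader' }, { role: 'editor', expires: 1700000000000 }],
  carol: [{ role: 'admin' }],
  dave:  [],
};

// Union of the capabilities of every role the user currently holds.
// Unknown users, unknown roles and expired assignments contribute nothing.
function capabilitiesFor(username, now = Date.now()) {
  const caps = new Set();
  for (const { role, expires } of users[username] ?? []) {
    if (expires !== undefined && expires <= now) continue; // temporary role lapsed
    for (const cap of roles[role] ?? []) caps.add(cap);
  }
  return caps;
}

// Default-deny authorization check used by route handlers.
function can(username, capability, now = Date.now()) {
  return capabilitiesFor(username, now).has(capability);
}

// Express-style middleware factory: deny before the handler runs.
// Assumes an earlier login step set req.user to the authenticated username.
function requireCapability(capability) {
  return (req, res, next) => {
    if (req.user && can(req.user, capability)) return next();
    res.status(403).send('Forbidden');
  };
}
```

A route such as `app.delete('/posts/:id', requireCapability('delete'), handler)` then rejects any caller whose current roles do not include `delete`.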
Benefits:
- The assignment of access rights becomes systematic and repeatable.
- User access is easy to audit.
- It is easy to implement.
- Ongoing management is easy and secure.
- It decreases the risk of breaches and data leakage.
- It establishes an easy way to ensure compliance with statutory and regulatory requirements for privacy and confidentiality, which is necessary in certain sectors such as healthcare and finance.