Role based access control to the AS7 management layer.
When defining an RBAC model, the following conventions are useful:
- S = Subject = A person or automated agent
- R = Role = Job function or title which defines an authority level
- P = Permissions = An approval of a mode of access to a resource
Generic Requirements
- Provide a usable (in terms of complexity), yet comprehensive base model
- Provide a set of out-of-the-box roles & permissons that reflect common authorization requirements
- Allow to customizations/extension of the default scheme (i.e custom permissions, permission granularity)
Specific Requirements
- Provide an authorization scheme that distinguishes structural & behavioural permission:
> structural permissions: control access to resources (i.e. restrict visibility of server groups)
> behavioural permission: control execution on resources (i.e. lock down certain operations, distinguish read & read/write access)
Advanced Use Cases / Considerations
- Context based access control: i.e. Taking the connection into consideratin
- Support for role hierarchies: i.e. structuring roles to reflect an organizations lines of authority and responsibility
- Role constraints: i.e. mutual exclusive roles
- RBAC to manage RBAC itself
structuring roles to re ect an organiza tion s lines of authority and resp onsibility