Anil Saldhana [https://community.jboss.org/people/anil.saldhana] commented on the document "ManagementLayer RBAC"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-47854#comment-11653
--------------------------------------------------
I think access control should move beyond RBAC and be based on a combination of the following:

a) User/Subject
b) User Attributes
c) Roles
d) Action
e) Environment (Including IP Address, Subnet, DateTime)

Ideally, it should be a rules-based framework. The policies/rules should not be embedded within code but should be externalized.
--------------------------------------------------
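An added example, not taken from the JBoss document or from the commenter, of a decision function that combines the five inputs listed in the comment above and reads its rules from data rather than code. The rule format, field names, sample rules and the deny-overrides combining strategy are assumptions made for illustration.

```python
import ipaddress
import json
from datetime import datetime, time

# Constructed policy (hypothetical format). It is plain data, so it can be
# stored outside the code base and changed without a rebuild.
POLICY = json.loads("""
{"default": "deny", "rules": [
 {"effect": "permit", "actions": ["deploy"], "roles": ["Deployer"],
  "subnets": ["10.1.0.0/16"], "hours": ["08:00", "18:00"]},
 {"effect": "permit", "actions": ["shutdown"], "roles": ["Administrator"]},
 {"effect": "deny", "actions": ["shutdown"],
  "attributes": {"employment": "contractor"}},
 {"effect": "permit", "actions": ["read"], "users": ["auditor1"]}
]}""")

def matches(rule, req):
    """True when every condition present in the rule holds for the request."""
    if req["action"] not in rule["actions"]:
        return False
    if "users" in rule and req["user"] not in rule["users"]:
        return False
    if "roles" in rule and not set(rule["roles"]) & set(req["roles"]):
        return False
    attrs = req.get("attributes", {})
    if any(attrs.get(k) != v for k, v in rule.get("attributes", {}).items()):
        return False
    if "subnets" in rule:
        ip = ipaddress.ip_address(req["ip"])
        if not any(ip in ipaddress.ip_network(n) for n in rule["subnets"]):
            return False
    if "hours" in rule:
        start, end = (time.fromisoformat(h) for h in rule["hours"])
        if not start <= req["when"].time() < end:
            return False
    return True

def decide(policy, req):
    """Deny-overrides: a matching deny wins, then a permit, then the default."""
    hits = [r["effect"] for r in policy["rules"] if matches(r, req)]
    if "deny" in hits:
        return "deny"
    return "permit" if "permit" in hits else policy["default"]

if __name__ == "__main__":
    # Constructed request: a Deployer on the permitted subnet during office hours.
    request = {"user": "alice", "roles": ["Deployer"], "attributes": {},
               "action": "deploy", "ip": "10.1.4.7",
               "when": datetime(2013, 5, 6, 10, 30)}
    print(decide(POLICY, request))
```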