11 Security - RBAC0, 1, 2: Roles and Permissions

Prayag edited this page Nov 17, 2023 · 1 revision

Each role provides a set of permissions; individuals can be assigned to one or more roles, and then they receive these permissions.

The relationship between users and roles on the one hand, and between roles and permissions on the other, makes it easier to assign permissions because individual users no longer carry unique access privileges.

Practices

  • Use the Least-privilege Principle to Define RBAC Roles. Any access to additional actions and objects beyond the least privilege must be granted via RBAC roles.
  • You cannot “set and forget” an RBAC role; it should change as the business evolves.

Database Design
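As an added example (not part of the original page), a minimal relational layout of the user/role/permission relationships described above, in Python with sqlite3: the two join tables are the RBAC0 core, the `parent_role` column adds RBAC1-style role inheritance, and the permission check denies by default. Table, role and user names are constructed for the demo.

```python
import sqlite3

# RBAC0 core: users and permissions are linked only through roles (two join tables).
# parent_role adds RBAC1-style inheritance: a role receives its parent's permissions.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                    parent_role INTEGER REFERENCES roles(id));
CREATE TABLE permissions (id INTEGER PRIMARY KEY, action TEXT, object TEXT,
                          UNIQUE (action, object));
CREATE TABLE user_roles (user_id INTEGER REFERENCES users(id),
                         role_id INTEGER REFERENCES roles(id),
                         PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permissions (role_id INTEGER REFERENCES roles(id),
                               permission_id INTEGER REFERENCES permissions(id),
                               PRIMARY KEY (role_id, permission_id));
"""

# Effective roles = roles held directly plus every ancestor (recursive CTE);
# the access decision is a lookup of (action, object) against those roles.
CHECK_SQL = """
WITH RECURSIVE effective(role_id) AS (
    SELECT ur.role_id FROM user_roles ur JOIN users u ON u.id = ur.user_id
     WHERE u.name = ?
    UNION
    SELECT r.parent_role FROM roles r JOIN effective e ON r.id = e.role_id
     WHERE r.parent_role IS NOT NULL
)
SELECT COUNT(*) FROM role_permissions rp
  JOIN permissions p ON p.id = rp.permission_id
  JOIN effective e ON e.role_id = rp.role_id
 WHERE p.action = ? AND p.object = ?
"""

def build_demo_db():
    """Constructed sample data: 'viewer' may read reports; 'editor' inherits viewer and may write."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    db.execute("INSERT INTO roles VALUES (1, 'viewer', NULL), (2, 'editor', 1)")
    db.execute("INSERT INTO permissions VALUES (1, 'read', 'report'), (2, 'write', 'report')")
    db.execute("INSERT INTO role_permissions VALUES (1, 1), (2, 2)")
    db.execute("INSERT INTO user_roles VALUES (1, 2), (2, 1)")  # alice: editor, bob: viewer
    return db

def has_permission(db, user, action, obj):
    """Default deny: True only if some held or inherited role grants (action, object)."""
    (count,) = db.execute(CHECK_SQL, (user, action, obj)).fetchone()
    return count > 0
```

Least privilege falls out of the layout: a user with no row in `user_roles`, or a role with no row in `role_permissions`, is denied everything, so every grant is an explicit, auditable row.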
