This repository has been archived by the owner on Aug 11, 2022. It is now read-only.

Role Based Access Control #48

Closed
mustafa-qamaruddin opened this issue Jun 20, 2016 · 3 comments

Comments

@mustafa-qamaruddin

Hello,

Are the permissions assigned to the user? In Role Based Access Control, should permissions not be assigned to roles and users assigned to roles? Then users are granted these permissions through the roles. Or what is the point of assigning both roles and permissions directly to the user?

A link explaining why it is so:
https://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/

Thank you,

@silverbux
Owner

silverbux commented Jun 21, 2016

With the current approach, yes, permissions are assigned to roles and users are assigned to roles.
In terms of why assign both roles and permissions to users, I guess it's on a case-by-case basis.
For instance, you have an analytics.admin and content.writers.admin; there are cases where content.writers want to see from analytics which contents are popular, but you don't want to give full permission to the entire analytics module.

But this hasn't been implemented yet. With the way bican/roles has been coded this is possible, and it's up to the coder how to implement this as well; it's just that the goal is to make it as flexible as possible.
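
A minimal model of the scheme discussed in the comment above, added here as an example; it is not code from this repository or from bican/roles. The role names come from the comment, while the permission slugs, user names and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: role names follow the comment above; the
# permission slugs are assumptions made for this example.
ROLE_PERMISSIONS = {
    "analytics.admin": {"analytics.view.popular", "analytics.view.revenue",
                        "analytics.configure"},
    "content.writers": {"content.create", "content.edit"},
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    direct_permissions: set = field(default_factory=set)

def role_permissions(user):
    """Permissions the user receives through role membership only."""
    granted = set()
    for role in user.roles:
        # Unknown role names grant nothing (fail closed).
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted

def effective_permissions(user):
    """Union of role-derived permissions and per-user exceptions."""
    return role_permissions(user) | user.direct_permissions

def can(user, permission):
    """Activity-based check: test the permission, never the role name."""
    return permission in effective_permissions(user)

def direct_grant_report(users):
    """Per-user grants that no assigned role covers: the audit list."""
    report = {}
    for user in users:
        extra = user.direct_permissions - role_permissions(user)
        if extra:
            report[user.name] = sorted(extra)
    return report

# A writer gets one analytics permission without the analytics role.
writer = User("writer1", roles={"content.writers"},
              direct_permissions={"analytics.view.popular"})
analyst = User("analyst1", roles={"analytics.admin"},
               direct_permissions={"analytics.view.popular"})  # redundant
```

Because direct grants sit outside the role model, `direct_grant_report` is the piece to run during access reviews: it lists only the exceptions that role membership does not already explain.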

@mustafa-qamaruddin
Author

mustafa-qamaruddin commented Jun 21, 2016

Dear Alex,

Thank you for the clarification. It's indeed more flexible.

Regards,

@silverbux
Owner

np 😉
