12 Jan 2009 15:24
Re: About ACCESS_CONTROL and SUPERVISOR rights
Amon Ott <ao <at> rsbac.org>
2009-01-12 14:24:15 GMT
On Saturday 10 January 2009, Javier J. Martínez Cabezón wrote:
> If I have one role named gerency_r that admins the roles Technician_r,
> nurses_r and Doctor_r, Technician_r has write_only rights to
> patient_data_t type, Doctor_r has read-write access granted to it and
> nurses_r only read-only.
> If secoff grants ACCESS_CONTROL right to patient_data to role
> gerency_r then gerency_r could add or remove standard DAC rights
> access to all data from this type involving these three roles, isn't it?

ACCESS_CONTROL is for granting normal RSBAC rights. DAC rights would be MODIFY_PERMISSIONS_DATA and CHANGE_OWNER.

> If secoff grants SUPERVISOR right to patient_data type to role
> gerency_r then gerency_r could add or remove any RSBAC rights access
> to this type involving these three roles. Is this correct?

SUPERVISOR allows setting or revoking the RC special rights like ACCESS_CONTROL or SUPERVISOR itself.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
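The distinction drawn in the reply above, as an added example that is not part of the original thread and is not RSBAC code: a toy Python model in which changing a normal right on a type requires ACCESS_CONTROL on that type, and changing a special right requires SUPERVISOR. The class `RCModel`, its methods, and the request names `READ_OPEN`/`WRITE_OPEN` used as sample normal rights are assumptions for illustration; the role-side admin relationship from the question is assumed to hold and is not modelled.

```python
# Toy model only: type-side delegation checks as described in the reply.
SPECIAL = {"ADMIN", "ASSIGN", "ACCESS_CONTROL", "SUPERVISOR"}  # RC special rights

class RCModel:
    def __init__(self):
        self.compat = {}  # (role, type) -> set of rights held on that type

    def rights(self, role, type_):
        return self.compat.setdefault((role, type_), set())

    def change(self, actor, target, type_, right, grant=True):
        """Grant or revoke `right` on `type_` for `target`, acting as `actor`.
        Returns True if the actor held the required special right."""
        needed = "SUPERVISOR" if right in SPECIAL else "ACCESS_CONTROL"
        if needed not in self.rights(actor, type_):
            return False  # denied, nothing changes
        held = self.rights(target, type_)
        if grant:
            held.add(right)
        else:
            held.discard(right)
        return True

def demo():
    """Replay the scenario from the question; returns each decision."""
    m, t = RCModel(), "patient_data_t"
    # Constructed starting state (set directly, as secoff would).
    m.rights("Technician_r", t).add("WRITE_OPEN")
    m.rights("nurses_r", t).add("READ_OPEN")
    m.rights("gerency_r", t).add("ACCESS_CONTROL")
    out = {}
    # With ACCESS_CONTROL only: normal rights can be changed...
    out["revoke_normal"] = m.change("gerency_r", "nurses_r", t, "READ_OPEN", grant=False)
    out["grant_dac_admin"] = m.change("gerency_r", "Doctor_r", t, "MODIFY_PERMISSIONS_DATA")
    # ...but special rights cannot, including for the actor itself.
    out["delegate_ac"] = m.change("gerency_r", "Doctor_r", t, "ACCESS_CONTROL")
    out["self_supervisor"] = m.change("gerency_r", "gerency_r", t, "SUPERVISOR")
    # After secoff adds SUPERVISOR, special rights can be delegated too.
    m.rights("gerency_r", t).add("SUPERVISOR")
    out["delegate_ac_after"] = m.change("gerency_r", "Doctor_r", t, "ACCESS_CONTROL")
    out["doctor_rights"] = sorted(m.rights("Doctor_r", t))
    out["nurse_rights"] = sorted(m.rights("nurses_r", t))
    return out

if __name__ == "__main__":
    for step, result in demo().items():
        print(step, "->", result)
```

In this model a role holding SUPERVISOR on a type can hand out ACCESS_CONTROL and SUPERVISOR themselves, so it is the right to audit most closely when reviewing a role's type compatibility.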