Authorization Management

Role-based access control (RBAC), which refers to the authorization of privileges to users through their roles (Role), enables more flexible access control and is simpler, more efficient, and more scalable than granting privileges directly to users.

For example, the user system has Admin, Maintainer, Operator three roles, these three roles have different permissions . For example, only Admin has the permission to create code repository, delete code repository, the other roles do not have.

Attribute-Based Access Control (ABAC) is a very flexible authorization model. Unlike RBAC, ABAC uses various attributes to dynamically determine whether an operation can be allowed.

Authorize editing privileges for Editor A for a specific book.

Granting a user access to a document when the document belongs to the same department as the user's department.

Prohibit people from department A from accessing system B until 9:00 a.m.

Prohibit access to System A as an administrator in places other than Shanghai.

Overall, you can granularly authorize the circumstances under which a resource has a particular permission.

In Authing's permission system, we implement the RBAC model of role permission inheritance through two kinds of objects: user and role, and on top of that, we can dynamically and granularly authorize around attributes, thus realizing the ABAC permission model.

At the same time, in order to meet the design requirements of complex organizational structures in large systems, we combine resources, roles, and permissions into a unified permission grouping, which is convenient for developers to manage.