bushart, 2015-09-18 12:56:40

How to apply an ACL to restrict access to a collection?

I am attaching an ACL to a project. In most scenarios the use is clear: do not allow action buttons to be displayed, and prevent the execution of prohibited actions. But with more complex scenarios, problems arise. For example, I have a list of users and manager roles at different levels: Country, City, Office. Each such manager should have access to the list of users of his location, i.e. an Office manager only to the users of his office, and a City manager only to the list of users of his city. I cannot understand how to describe rules of this kind in the context of an ACL.


1 answer(s)
Vasily, 2015-09-18
@vsadm

In general, for the design of access systems, it is useful to be guided by the principles of the Orange Book. In your case (without knowing all the boundary conditions), the system can be represented as:
That is, a user with the City Manager role has the "full control" group of permissions over the "users with city ID such-and-such" group of objects.
The specific implementation depends very much on what kind of platform you have, and what ready-made libraries are available for it.
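As an added illustration that is not part of the answer above and is not tied to any particular ACL library: a minimal Python sketch of the "permission group over an object group" model, where the object group is defined by a location prefix. All names here (`Grant`, `visible_users`, `FULL_CONTROL`, the sample users) are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed contents of the "full control" permission group.
FULL_CONTROL = frozenset({"list", "view", "edit", "delete"})

@dataclass(frozen=True)
class User:
    name: str
    location: tuple  # (country, city, office)

@dataclass(frozen=True)
class Grant:
    """One ACL entry: a permission group over an object group.

    The object group is "users whose location starts with `scope`":
    ("DE",) for a Country manager, ("DE", "Berlin") for a City manager,
    ("DE", "Berlin", "B1") for an Office manager.
    """
    scope: tuple
    permissions: frozenset = FULL_CONTROL

    def covers(self, target: User, action: str) -> bool:
        if not self.scope:  # an empty scope would match every user; refuse it
            return False
        return (action in self.permissions
                and target.location[:len(self.scope)] == self.scope)

def is_allowed(grants, target, action):
    """Default deny: allowed only if some grant covers the target."""
    return any(g.covers(target, action) for g in grants)

def visible_users(grants, users, action="list"):
    """Filter the collection through the same check used for single objects."""
    return [u for u in users if is_allowed(grants, u, action)]

# Constructed sample data.
USERS = [
    User("anna", ("DE", "Berlin", "B1")),
    User("boris", ("DE", "Berlin", "B2")),
    User("clara", ("DE", "Munich", "M1")),
    User("dmitri", ("FR", "Paris", "B1")),  # same office code, different city
]
COUNTRY_MANAGER = [Grant(("DE",))]
CITY_MANAGER = [Grant(("DE", "Berlin"))]
OFFICE_MANAGER = [Grant(("DE", "Berlin", "B1"))]
```

Because the list filter and the per-object check share `is_allowed`, a manager cannot edit a user that the list would have hidden from them.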
