Types
A type is an identifier that characterizes a resource for access control purposes. This identifier can be associated with a resource by using Rbac class policies.
A type can be associated with a subject (such as an entity) and with the object of an action (such as a file).
The list of types is statically defined in the class object configuration.
Permissions
A permission is an identifier of a certain action or actions.
The list of permissions is statically defined in the class object configuration.
Roles
A role is a permissions matrix that describes which permissions are granted to domains of one type (subjects) when they query domains of a different type (objects). In other words, a role determines the binary relation for a set of types.
The list of roles is statically defined in the class object configuration.
Limitations/rules for operations
The Rbac policy class provides policies for creating subjects and objects, for changing the object type, and for adding new roles to a subject.
Each of these operations has limitations and rules that are statically defined in the class object configuration.
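A minimal Python model of the types, permissions, roles and operation rules described above, added here as an illustration; it is not the product's configuration syntax or code. All type, permission and role names are constructed, and `ROLE_GRANTS` is an assumed form of a statically defined limitation on adding roles to a subject.

```python
from dataclasses import dataclass, field

# Constructed sample configuration; every name below is hypothetical.
TYPES = frozenset({"client", "logger", "log_file"})
PERMISSIONS = frozenset({"read", "append", "rotate"})
# Role = matrix: (subject type, object type) -> permissions granted.
ROLES = {
    "log_writer": {("client", "log_file"): {"append"}},
    "log_admin": {("logger", "log_file"): {"read", "append", "rotate"}},
}
# Assumed form of a static rule for "add role to subject":
# which roles a subject of a given type may receive.
ROLE_GRANTS = {"client": {"log_writer"}, "logger": {"log_writer", "log_admin"}}


def config_errors(types, permissions, roles):
    """Return references to types or permissions missing from the static lists."""
    errors = []
    for name, matrix in roles.items():
        for (subj, obj), perms in matrix.items():
            errors += [f"{name}: unknown type {t}" for t in (subj, obj) if t not in types]
            errors += [f"{name}: unknown permission {p}"
                       for p in sorted(perms - permissions)]
    return errors


@dataclass
class Subject:
    type: str
    roles: set = field(default_factory=set)


def add_role(subject, role):
    """Attach a role only if the static rule allows it for this subject type."""
    if role not in ROLES or role not in ROLE_GRANTS.get(subject.type, set()):
        raise PermissionError(f"{role!r} not grantable to type {subject.type!r}")
    subject.roles.add(role)


def is_allowed(subject, object_type, permission):
    """Default deny: some held role must grant the permission for this type pair."""
    pair = (subject.type, object_type)
    return any(permission in ROLES[r].get(pair, ()) for r in subject.roles)


if __name__ == "__main__":
    assert not config_errors(TYPES, PERMISSIONS, ROLES)
    client = Subject("client")
    add_role(client, "log_writer")
    print(is_allowed(client, "log_file", "append"))  # True
    print(is_allowed(client, "log_file", "rotate"))  # False
```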