[rsbac] About ACCESS_CONTROL and SUPERVISOR rights
Amon Ott
ao at rsbac.org
Mon Jan 12 15:24:15 CET 2009
On Saturday, 10 January 2009, Javier J. Martínez Cabezón wrote:
> If I have one role named gerency_r that administers the roles Technician_r,
> nurses_r and Doctor_r, Technician_r has write_only rights to
> patient_data_t type, Doctor_r has read-write access granted to it and
> nurses_r only read-only.
> If secoff grants ACCESS_CONTROL right to patient_data to role
> gerency_r then gerency_r could add or remove standard DAC rights
> access to all data from this type involving these three roles, isn't it?
ACCESS_CONTROL is for granting normal RSBAC rights.
DAC rights would be MODIFY_PERMISSIONS_DATA and CHANGE_OWNER.
> If secoff grants SUPERVISOR right to patient_data type to role
> gerency_r then gerency_r could add or remove any RSBAC rights access
> to this type involving these three roles. Is this correct?
SUPERVISOR allows setting or revoking the RC special rights like ACCESS_CONTROL
or SUPERVISOR itself.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22