Reading notes about code for my future reference.
Role based access control (RBAC) is the concept of assigning system access to users based on their role within an organization. We care because it lets us restrict what a given user is able to access.
A role hierarchy that I would implement would be: the customer can only read, the employee can read and delete, and the manager can read, create, delete, and update.
You will need to evaluate your workforce and its roles, and set things up so that you can adjust and modify roles as needed.
Authorization essentially means that you hold the credentials to perform the action.
According to Wikipedia, these are the rules:
Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.
Role authorization: A subject’s active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject’s active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized.
Role based access control is essentially the same concept as the difference between an employee and a manager: a manager has the ability to write schedules and hire and fire people, while an employee can only do the certain tasks that belong to their role, for example!
Access is associated with the role that the user carries, so that if someone changes roles or leaves, the authorization can be revoked.
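To see the three rules and the revoke-on-role-change point in working code, here is a small RBAC checker I added for these notes (my own example, not from Wikipedia or any library); the role and permission names are the ones from the hierarchy above, and the `Rbac` class and its method names are my own invention.

```python
from dataclasses import dataclass, field

# Roles and permissions exactly as in the notes (constructed example data)
ROLE_PERMISSIONS = {
    "customer": {"read"},
    "employee": {"read", "delete"},
    "manager": {"read", "create", "delete", "update"},
}

@dataclass
class Subject:
    name: str
    assigned_roles: set = field(default_factory=set)  # rule 1: assigned roles
    active_role: str = None                           # rule 2: role in use now

class Rbac:
    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.subjects = {}

    def subject(self, name):
        return self.subjects.setdefault(name, Subject(name))

    def assign_role(self, name, role):
        if role not in self.role_permissions:
            raise ValueError(f"unknown role {role!r}")
        self.subject(name).assigned_roles.add(role)

    def revoke_role(self, name, role):
        # Leaver or role change: drop the assignment and any active use of it
        s = self.subject(name)
        s.assigned_roles.discard(role)
        if s.active_role == role:
            s.active_role = None

    def activate_role(self, name, role):
        # Rule 2: only a role that was assigned can become the active role
        s = self.subject(name)
        if role not in s.assigned_roles:
            return False
        s.active_role = role
        return True

    def can(self, name, permission):
        # Rules 1 and 3: no active role means no permission at all; otherwise
        # the permission must be authorized for the active role
        s = self.subject(name)
        if s.active_role is None:
            return False
        return permission in self.role_permissions[s.active_role]
```

Note that the permission check never looks at the user directly, only at the active role, which is what makes revoking a role enough to cut off access.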
After the user is authenticated, the server gives them their role-based privileges.
This makes it easy to keep track of who is performing what, which is perfect for audits, management, and overall saving time.
My goal is to be prepared to implement proper RBAC so that I have familiarity with it in the workforce.