Casbin

Casbin

  • 문서
  • API
  • 편집기
  • IDE Plugins
  • Single Sign-On (SSO)
  • Forum
  • 도움말
  • 블로그
  • Pricing
  • Contact Sales
  • Languages icon한국어
    • English
    • 中文
    • Русский
    • Français
    • Deutsch
    • 日本語
    • 번역 참여하기
  • GitHub

›모델

기초

  • 개요(Overview)
  • 시작하기
  • 작동 원리
  • 자습서

모델

  • 지원하는 접근 제어 모델
  • 모델(Model) 문법
  • Effector
  • 함수
  • RBAC
  • RBAC with Pattern
  • RBAC + 도메인
  • Casbin RBAC v.s. RBAC96
  • ABAC
  • Priority Model
  • Super Admin

저장소

  • 모델(Model) 저장
  • 정책(Policy) 저장
  • 정책(Policy) 부분 집합 불러오기

확장 기능

  • Enforcers
  • 어댑터
  • 감시자
  • Dispatchers
  • 역할(Role) 관리자
  • 미들웨어
  • GraphQL Middlewares
  • Cloud Native Middlewares

API

  • API Overview
  • Management API
  • RBAC API
  • RBAC with Domains API
  • RoleManager API
  • Data Permissions

고급 사용법 (Advanced usage)

  • 멀티 스레딩
  • 벤치마크
  • Performance Optimization
  • Authorization of Kubernetes
  • Authorization of Service Mesh through Envoy

관리

  • 관리자 포탈
  • Casbin 서비스
  • 로깅 및 오류 처리
  • Frontend Usage

Editor

  • 온라인 편집기
  • IDE Plugins

자세히

  • Casbin 적용 사례
  • Contributing
  • Privacy Policy
  • Terms of Service
Translate

Casbin RBAC v.s. RBAC96

Casbin RBAC and RBAC96

In this document, we'll compare Casbin RBAC with RBAC96.

Casbin RBAC supports almost all the features of RBAC96, and added new features above that.

RBAC versionSupport LevelDescription
RBAC0fully supportedRBAC0 is the basic version of RBAC96. It clarified the relationship between Users, Roles and Permissions.
RBAC1fully supportedRBAC1 added role hierarchies on RBAC0, meaning if alice has role1, role1 has role2, then alice will also have role2 and inherit its permissions.
RBAC2mutually exclusive handling is supported (like this), but quantitative limits are notRBAC2 added constrains on RBAC0. So RBAC2 can handle mutually exclusions found in policies.
RBAC3mutually exclusive handling is supported (like this), but quantitative limits are notRBAC3 is a combination of RBAC1 and RBAC2. RBAC3 supports role hierarchies and constrains in RBAC1 and RBAC2.

Difference between Casbin RBAC and RBAC96

  1. In Casbin, the distinction between User and Role is not clear

    In Casbin, both the User and the Role are treated as strings. If you wrote a policy file like this:

    p, admin, book, read
    p, alice, book, read
    g, amber, admin
    

    and call method GetAllSubjects() like this (e is an instance of Casbin Enforcer):

    e.GetAllSubjects()
    

    then you will get the return value below:

    [admin alice]
    

    Because in Casbin, Subjects included Users and Roles.

    However, if you call method GetAllRoles() like this:

    e.GetAllRoles()
    

    then you will get the return value below:

    [admin]
    

    And now you know there is a distinction between Users and Roles in Casbin, but is not as sharp as in RBAC96. Of course you can add some prefix to your policies like user::alice, role::admin to clarify their relationships.

  2. Casbin RBAC provides more permissions than RBAC96

    Only 7 permissions are defined in RBAC96: read, write, append, execute, credit, debit, inquiry.

    However, in Casbin, we treat permissions as strings. This way, you can create some permissions suit you better.

  3. Casbin RBAC supports domains

    In Casbin, you can do authorizations by domains. This feature made your Access Control Model more flexible.

← RBAC + 도메인ABAC →
  • Casbin RBAC and RBAC96
  • Difference between Casbin RBAC and RBAC96
Casbin
Docs
Getting StartedManagement APIRBAC APIMiddlewares
Community
Who's using Casbin?Stack Overflow
Casbin          jCasbin
Node-Casbin   PHP-CasbinPyCasbin          Casbin.NETCasbin-CPP        Casbin-RS
Follow @casbinHQ
Copyright © 2022 Casbin Organization