Role Inheritance

Last modified by RaffaelloPelagalli on 2006/12/11 17:55

Why Role inheritance?

Through role inheritance you can easily compose roles based on other roles. This way you do not need to redo work, and any change to a base role affects all roles that inherit from it, which makes maintenance easy. Role inheritance is a good way to represent your company or system hierarchy.

General and Limited Role Inheritance

The literature about the RBAC model defines two types of role hierarchy: limited and general. The basic difference between these two types is the number of fathers a role is allowed to have.

  • In the limited hierarchy, the hierarchy works like a tree and a role can inherit from only one role.
  • The general hierarchy allows multiple fathers, so you can inherit from multiple roles to create one new role.

You can find a lot of useful information about the RBAC model and role hierarchy on the NIST site.

About descendant and ascendant

The RBAC standard defines the notions of Ascendant and Descendant.

People interpret Ascendant and Descendant differently.

The RBAC interpretation is: an Ascendant inherits the permissions of its Descendants.

So an Ascendant has more permissions than its Descendants.
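The following Python sketch is an added example, not jGuard code and not its API. It models the two hierarchy types and the Ascendant/Descendant rule described above: it resolves a role's effective permissions through a general hierarchy, rejects cyclic inheritance, and lists the roles that would break a limited hierarchy. All role names, permission names and function names are constructed for illustration.

```python
# Constructed sample data: role and permission names are hypothetical.
DIRECT_PERMISSIONS = {
    "employee": {"read_wiki"},
    "developer": {"commit_code"},
    "auditor": {"read_logs"},
    "lead": {"approve_merge"},
    "security_lead": {"close_incident"},
}

# role -> roles it inherits from (the page's "fathers").
# In RBAC terms the key is the Ascendant, the values are its Descendants.
INHERITS_FROM = {
    "developer": ["employee"],
    "auditor": ["employee"],
    "lead": ["developer"],
    "security_lead": ["developer", "auditor"],  # needs a general hierarchy
}


def effective_permissions(role, inherits_from=INHERITS_FROM,
                          direct=DIRECT_PERMISSIONS, _path=()):
    """Direct permissions of `role` plus those of all its Descendants."""
    if role in _path:
        cycle = " -> ".join(_path + (role,))
        raise ValueError(f"cyclic role inheritance: {cycle}")
    perms = set(direct.get(role, ()))
    for parent in inherits_from.get(role, ()):
        perms |= effective_permissions(parent, inherits_from, direct,
                                       _path + (role,))
    return perms


def limited_hierarchy_violations(inherits_from=INHERITS_FROM):
    """Roles inheriting from more than one role (invalid when limited)."""
    return sorted(r for r, parents in inherits_from.items()
                  if len(parents) > 1)


def roles_granting(permission, inherits_from=INHERITS_FROM,
                   direct=DIRECT_PERMISSIONS):
    """Audit helper: every role that ends up holding `permission`."""
    return sorted(r for r in direct
                  if permission in effective_permissions(r, inherits_from,
                                                         direct))
```

Running `roles_granting` before and after editing a base role shows which inheriting roles silently gain or lose a permission, which is the review step that inheritance makes necessary.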

Created by diabolo512 on 2006/02/09 14:36

jGuard team copyright 2004-2009