Casbin RBAC vs. RBAC96
Casbin RBAC과 RBAC96
This document compares Casbin RBAC with RBAC96.
Casbin RBAC implements nearly all RBAC96 features while adding enhancements.
| RBAC 버전 | 지원 수준 | 설명 |
|---|---|---|
| RBAC0 | 완전히 지원됨 | RBAC0 provides basic RBAC96 functionality, defining relationships between Users, Roles, and Permissions. |
| RBAC1 | 완전히 지원됨 | RBAC1 extends RBAC0 with role hierarchies. When alice has role1 and role1 has role2, then alice inherits role2 and its permissions. |
| RBAC2 | 상호 배타적 처리 지원됨 (이렇게) | RBAC2 adds constraints to RBAC0, enabling mutually exclusive policy handling. Quantitative limits are unsupported. |
| RBAC3 | 상호 배타적 처리 지원됨 (이렇게) | RBAC3 combines RBAC1 and RBAC2, supporting both role hierarchies and constraints. Quantitative limits are unsupported. |
Casbin RBAC과 RBAC96의 차이점
-
Casbin handles User-Role distinction less strictly than RBAC96.
Casbin treats both Users and Roles as strings. Consider this policy:
p, admin, book, read
p, alice, book, read
g, amber, adminCalling
GetAllSubjects()on a Casbin Enforcer:e.GetAllSubjects()returns:
[admin alice]Casbin includes both Users and Roles as subjects.
However, calling
GetAllRoles():e.GetAllRoles()returns:
[admin]Casbin distinguishes Users from Roles, but less strictly than RBAC96. Add prefixes like
user::aliceandrole::adminto clarify relationships. -
Casbin RBAC offers more flexible permissions than RBAC96.
RBAC96 defines seven permissions: read, write, append, execute, credit, debit, and inquiry.
Casbin treats permissions as strings, letting you define permissions matching your requirements.
-
Casbin RBAC은 도메인을 지원합니다.
Casbin enables domain-based authorization, providing greater Access Control Model flexibility.