Role-Based Access Control
-o0O0o-
How to restrict access based on user roles within an organization?
-o0O0o-
Model Format
Visual Paradigm
Advantages
- RBAC systems prevent users from being granted more permissions than they need.
- Minimizes the risk of unauthorized access by limiting permissions to specific roles.
- Roles can be added or modified without changing individual user permissions.
Disadvantages
- As the number of roles increases, managing them effectively can become complex.
- If roles are not carefully designed, users may end up with more privileges than needed.
Code Examples
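import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/**
 * A named role: a bundle of permission identifiers that can be granted to users.
 *
 * <p>Permissions are plain strings compared with {@code equals}, so {@code "CREATE"} and
 * {@code "create"} are distinct permissions.
 */
class Role {
    private final String roleName;
    private final Set<String> permissions;

    /**
     * Creates a role with no permissions.
     *
     * @param roleName identifier of the role; must not be null
     * @throws NullPointerException if {@code roleName} is null
     */
    public Role(String roleName) {
        this.roleName = Objects.requireNonNull(roleName, "roleName");
        this.permissions = new HashSet<>();
    }

    /** @return the role's identifier, exactly as passed to the constructor */
    public String getRoleName() {
        return roleName;
    }

    /**
     * Grants a permission to every user that holds this role.
     *
     * @param permission permission identifier; must not be null
     * @throws NullPointerException if {@code permission} is null
     */
    public void addPermission(String permission) {
        permissions.add(Objects.requireNonNull(permission, "permission"));
    }

    /**
     * @param permission permission identifier to test
     * @return {@code true} if this role grants {@code permission}; {@code false} otherwise
     *         (including for {@code null})
     */
    public boolean hasPermission(String permission) {
        return permissions.contains(permission);
    }
}

/**
 * A principal identified by name.
 *
 * <p>A user's effective permissions are the union of the permissions of all roles assigned
 * to it; nothing is ever granted directly to a user, which is what keeps the model
 * role-based.
 */
class User {
    private final String userName;
    private final Set<Role> roles;

    /**
     * Creates a user with no roles.
     *
     * @param userName identifier of the user; must not be null
     * @throws NullPointerException if {@code userName} is null
     */
    public User(String userName) {
        this.userName = Objects.requireNonNull(userName, "userName");
        this.roles = new HashSet<>();
    }

    /** @return the user's identifier, exactly as passed to the constructor */
    public String getUserName() {
        return userName;
    }

    /**
     * Assigns a role to this user; assigning the same role twice has no further effect.
     *
     * @param role role to assign; must not be null
     * @throws NullPointerException if {@code role} is null
     */
    public void assignRole(Role role) {
        roles.add(Objects.requireNonNull(role, "role"));
    }

    /**
     * @param permission permission identifier to test
     * @return {@code true} if at least one assigned role grants {@code permission}
     */
    public boolean hasPermission(String permission) {
        return roles.stream().anyMatch(role -> role.hasPermission(permission));
    }
}

/**
 * Process-wide registry of users and roles (lazily initialised singleton).
 *
 * <p>Users and roles are keyed by name so that a name resolves to exactly one object.
 * Registering a second, different object under a name that is already taken is rejected
 * instead of silently creating an ambiguous lookup, since an access-control decision must
 * never depend on which of two same-named principals happens to be found first.
 *
 * <p>The registry maps are safe for concurrent use; the {@link Role} and {@link User}
 * objects they hold are not synchronised.
 */
class RBACManager {
    private static RBACManager instance;
    private final Map<String, User> users;
    private final Map<String, Role> roles;

    // Private constructor: the only instance is created through getInstance().
    private RBACManager() {
        users = new ConcurrentHashMap<>();
        roles = new ConcurrentHashMap<>();
    }

    /**
     * Returns the single registry instance, creating it on first use.
     *
     * @return the shared {@code RBACManager}
     */
    public static synchronized RBACManager getInstance() {
        if (instance == null) {
            instance = new RBACManager();
        }
        return instance;
    }

    /**
     * Registers a user under its name. Registering the same object again is a no-op.
     *
     * @param user user to register; must not be null
     * @throws NullPointerException if {@code user} is null
     * @throws IllegalArgumentException if a different user with the same name is already
     *         registered
     */
    public void addUser(User user) {
        Objects.requireNonNull(user, "user");
        User existing = users.putIfAbsent(user.getUserName(), user);
        if (existing != null && existing != user) {
            throw new IllegalArgumentException(
                    "a different user named '" + user.getUserName() + "' is already registered");
        }
    }

    /**
     * Registers a role under its name. Registering the same object again is a no-op.
     *
     * @param role role to register; must not be null
     * @throws NullPointerException if {@code role} is null
     * @throws IllegalArgumentException if a different role with the same name is already
     *         registered
     */
    public void addRole(Role role) {
        Objects.requireNonNull(role, "role");
        Role existing = roles.putIfAbsent(role.getRoleName(), role);
        if (existing != null && existing != role) {
            throw new IllegalArgumentException(
                    "a different role named '" + role.getRoleName() + "' is already registered");
        }
    }

    /**
     * @param userName name to look up
     * @return the registered user with that exact name, or {@code null} if none (also for
     *         a {@code null} name)
     */
    public User getUser(String userName) {
        // ConcurrentHashMap rejects null keys; a null name simply matches nothing.
        return userName == null ? null : users.get(userName);
    }

    /**
     * @param roleName name to look up
     * @return the registered role with that exact name, or {@code null} if none (also for
     *         a {@code null} name)
     */
    public Role getRole(String roleName) {
        return roleName == null ? null : roles.get(roleName);
    }
}

/** Small demonstration: two roles, two users, two permission checks. */
public class RBACExample {
    public static void main(String[] args) {
        RBACManager rbacManager = RBACManager.getInstance();

        // Creating roles
        Role adminRole = new Role("Admin");
        adminRole.addPermission("CREATE");
        adminRole.addPermission("DELETE");
        Role userRole = new Role("User");
        userRole.addPermission("READ");

        // Adding roles to the RBAC Manager
        rbacManager.addRole(adminRole);
        rbacManager.addRole(userRole);

        // Creating users and assigning roles
        User admin = new User("Alice");
        admin.assignRole(adminRole);
        rbacManager.addUser(admin);
        User user = new User("Bob");
        user.assignRole(userRole);
        rbacManager.addUser(user);

        // Checking permissions
        System.out.println("Does Alice have CREATE permission? " + admin.hasPermission("CREATE"));
        System.out.println("Does Bob have DELETE permission? " + user.hasPermission("DELETE"));
    }
}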