CIAM 102:授权与基于角色的访问控制
组织和租户非常适于对身份进行分组,但它们导致了一种绝对的民主:在这个系统中,每个人都可以做任何事情。虽然乌托邦仍然是一个谜,让我们看一下访问的治理:授权(AuthZ)。
Founder
背景
在前一篇文章中,我们介绍了认证(AuthN)和授权(AuthZ)的概念,以及一些令人头痛的术语:身份,组织,租户等。
组织和租户非常适合对身份进行分组,但它们通向绝对的民主:在这个系统中,每个人都可以做任何事情。虽然乌托邦仍是一个谜,让我们看一下访问的治理:授权(AuthZ)。
为什么我们需要授权?
Notion 是一个很好的例子。对于你拥有的每一个页面,你可以选择让它私有,只有你可以访问,或者与朋友分享,甚至公开。
或者,对于一个在线书店,你希望每个人都能看到所有的书,但是客户只看他们自己的订单,和卖家只管理他们商店里的书。
AuthZ 和 AuthN 是复杂业务模型的必要组成部分。它们通常并肩作战;AuthZ 验证用户的访问,而 AuthN 对身份进行认证。两者对于一个安全的系统都是必要的。
基本的授权模型
这是最常见的 AuthZ 模型之一:如果身份对资源执行动作,那么接受或被拒。
在 Notion 的例子中,模型是个人对页面执行查看。
如果页面是私有的:
- 当你对你的页面执行查看时,你将收到接受。
- 所有其他人当对你的页面执行查看时,应该收到被拒。
基于共识,业界开发了各种授权技术,如基于角色的访问控制(RBAC),基于属性的访问控制(ABAC)。今天,我们将关注NIST RBAC 模型级别1:Flat RBAC。
基于角色的访问控制
让我们扩展书店的例子。假设我们有很多客户,但只有一个卖家:
- 客户可以查看和订购书籍,以及查看他们自己的订单。
- 卖家可以查看,创建和删除书籍,并管理客户订单。
定义资源
在 Logto 中,资源(即 API 资源)通常代表一组实体或项目,因为需要使用有效的 URL 作为指示器。因此我们定义了两个资源:
- 书籍:
https://api.bookstore.io/books - 订单:
https://api.bookstore.io/orders
强制使用 URL 格式的一个优点是它可以映射到你 API 服务的实际地址,当与系统中的其他组件集成时,可以提高可读性和可识别性。
定义权限
由于我们引入了资源的概念,在 Logto 中,我们还强制要求权限必须属于资源,反之,资源可以拥有权限。
让我们为资源添加一些权限:
- 书籍:
read,create,delete - 订单:
read,read:self,create:self,delete
尽管没有权限名称的要求,我们有以下约定:
<action> 要求描述一个权限,:<target> 可以忽略描述一个通用目标,即对资源中的所有实体或项目。例如:
- 书籍资源中的权限
read表示读取任意书籍的动作。 - 订单资源中的权限
create:self表示创建属于当前用户的订单的动作。
定义角色
简单来说,一个角色就是一组权限。让我们创建两个角色 customer 和 seller 并把权限分配给它们如下:
%3bopacity:0.7%3bbackground-color:hsl(80%2c 100%25%2c 96.2745098039%25)%3b%7d%23mermaid-0 .relationshipLabelBox rect%7bopacity:0.5%3b%7d%23mermaid-0 .relationshipLine%7bstroke:%23333333%3b%7d%23mermaid-0 .entityTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 %23MD_PARENT_START%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-0 %23MD_PARENT_END%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg/%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='240' markerWidth='190' refY='7' refX='0' id='MD_PARENT_START'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='28' markerWidth='20' refY='7' refX='19' id='MD_PARENT_END'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='0' id='ONLY_ONE_START'%3e%3cpath d='M9%2c0 L9%2c18 M15%2c0 L15%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='18' id='ONLY_ONE_END'%3e%3cpath d='M3%2c0 L3%2c18 M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='0' id='ZERO_OR_ONE_START'%3e%3ccircle r='6' cy='9' cx='21' fill='white' stroke='gray'/%3e%3cpath d='M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='30' id='ZERO_OR_ONE_END'%3e%3ccircle r='6' cy='9' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c0 L21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='18' id='ONE_OR_MORE_START'%3e%3cpath d='M0%2c18 Q 18%2c0 36%2c18 Q 18%2c36 0%2c18 M42%2c9 L42%2c27' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='27' id='ONE_OR_MORE_END'%3e%3cpath d='M3%2c9 L3%2c27 M9%2c18 Q27%2c0 45%2c18 Q27%2c36 9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='18' id='ZERO_OR_MORE_START'%3e%3ccircle r='6' cy='18' cx='48' fill='white' stroke='gray'/%3e%3cpath d='M0%2c18 Q18%2c0 36%2c18 Q18%2c36 0%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='39' id='ZERO_OR_MORE_END'%3e%3ccircle r='6' cy='18' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c18 Q39%2c0 57%2c18 Q39%2c36 21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cg transform='translate(20%2c41 )' id='entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c'%3e%3crect height='87' width='157.57363891601562' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(78.78681945800781%2c12)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c' class='er entityLabel'%3eRole-Customer%3c/text%3e%3crect height='21' width='59.265625' y='24' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='24' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='57.167388916015625' y='24' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='45' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='45' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='57.167388916015625' y='45' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-comment' class='er entityLabel'%3eread:self%3c/text%3e%3crect height='21' width='59.265625' y='66' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='66' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='57.167388916015625' y='66' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-comment' class='er entityLabel'%3ecreate:self%3c/text%3e%3c/g%3e%3cg transform='translate(277.5736389160156%2c20 )' id='entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7'%3e%3crect height='129' width='139.05453491210938' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(69.52726745605469%2c12)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7' class='er entityLabel'%3eRole-Seller%3c/text%3e%3crect height='21' width='59.265625' y='24' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='24' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='24' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='45' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='45' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='45' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-comment' class='er entityLabel'%3ecreate%3c/text%3e%3crect height='21' width='59.265625' y='66' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='66' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='66' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-comment' class='er entityLabel'%3edelete%3c/text%3e%3crect height='21' width='59.265625' y='87' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='87' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='38.648284912109375' y='87' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='108' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='108' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='38.648284912109375' y='108' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-comment' class='er entityLabel'%3edelete%3c/text%3e%3c/g%3e%3c/svg%3e)
你可能注意到,权限和角色的赋予是多对多的关系。
把角色分配给用户
就像角色权限赋值一样,用户角色赋值也是一种多对多的关系。因此,你可以把多个角色分配给一个用户,一个角色可以分配给多个用户。
连接各个点
下面是 Logto 中的级别1 RBAC 模型的完整关系图:
%3bopacity:0.7%3bbackground-color:hsl(80%2c 100%25%2c 96.2745098039%25)%3b%7d%23mermaid-1 .relationshipLabelBox rect%7bopacity:0.5%3b%7d%23mermaid-1 .relationshipLine%7bstroke:%23333333%3b%7d%23mermaid-1 .entityTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-1 %23MD_PARENT_START%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-1 %23MD_PARENT_END%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-1 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg/%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='240' markerWidth='190' refY='7' refX='0' id='MD_PARENT_START'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='28' markerWidth='20' refY='7' refX='19' id='MD_PARENT_END'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='0' id='ONLY_ONE_START'%3e%3cpath d='M9%2c0 L9%2c18 M15%2c0 L15%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='18' id='ONLY_ONE_END'%3e%3cpath d='M3%2c0 L3%2c18 M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='0' id='ZERO_OR_ONE_START'%3e%3ccircle r='6' cy='9' cx='21' fill='white' stroke='gray'/%3e%3cpath d='M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='30' id='ZERO_OR_ONE_END'%3e%3ccircle r='6' cy='9' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c0 L21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='18' id='ONE_OR_MORE_START'%3e%3cpath d='M0%2c18 Q 18%2c0 36%2c18 Q 18%2c36 0%2c18 M42%2c9 L42%2c27' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='27' id='ONE_OR_MORE_END'%3e%3cpath d='M3%2c9 L3%2c27 M9%2c18 Q27%2c0 45%2c18 Q27%2c36 9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='18' id='ZERO_OR_MORE_START'%3e%3ccircle r='6' cy='18' cx='48' fill='white' stroke='gray'/%3e%3cpath d='M0%2c18 Q18%2c0 36%2c18 Q18%2c36 0%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='39' id='ZERO_OR_MORE_END'%3e%3ccircle r='6' cy='18' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c18 Q39%2c0 57%2c18 Q39%2c36 21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONE_OR_MORE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M70%2c95L70%2c103.333C70%2c111.667%2c70%2c128.333%2c70%2c145C70%2c161.667%2c70%2c178.333%2c70%2c186.667L70%2c195' class='er relationshipLine'/%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONE_OR_MORE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M70%2c270L70%2c278.333C70%2c286.667%2c70%2c303.333%2c79.628%2c320C89.255%2c336.667%2c108.51%2c353.333%2c118.138%2c361.667L127.766%2c370' class='er relationshipLine'/%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONLY_ONE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M272.18%2c270L272.18%2c278.333C272.18%2c286.667%2c272.18%2c303.333%2c262.552%2c320C252.924%2c336.667%2c233.669%2c353.333%2c224.042%2c361.667L214.414%2c370' class='er relationshipLine'/%3e%3cg transform='translate(20%2c20 )' id='entity-User-818c511a-4a32-5484-ba70-875d765a9175'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-User-818c511a-4a32-5484-ba70-875d765a9175' class='er entityLabel'%3eUser%3c/text%3e%3c/g%3e%3cg transform='translate(20%2c195 )' id='entity-Role-8dbdbbc4-0419-5464-aae6-f142fb2ece67'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-Role-8dbdbbc4-0419-5464-aae6-f142fb2ece67' class='er entityLabel'%3eRole%3c/text%3e%3c/g%3e%3cg transform='translate(121.08984375%2c370 )' id='entity-Permission-48655fad-d38f-55ef-b80b-a2e5778dc661'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-Permission-48655fad-d38f-55ef-b80b-a2e5778dc661' class='er entityLabel'%3ePermission%3c/text%3e%3c/g%3e%3cg transform='translate(220%2c195 )' id='entity-APIResource-f2b5b87c-e92d-553a-a516-679c3b4618ad'%3e%3crect height='75' width='104.359375' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(52.1796875%2c37.5)' y='0' x='0' id='text-entity-APIResource-f2b5b87c-e92d-553a-a516-679c3b4618ad' class='er entityLabel'%3eAPI Resource%3c/text%3e%3c/g%3e%3crect height='14' width='29.34375' y='138' x='55.328125' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='145' x='70' id='rel1' class='er relationshipLabel'%3emaps%3c/text%3e%3crect height='14' width='29.34375' y='320.5440979003906' x='69.92644500732422' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='327.5440979003906' x='84.59832000732422' id='rel2' class='er relationshipLabel'%3emaps%3c/text%3e%3crect height='14' width='44.703125' y='320.54388427734375' x='235.22988891601562' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='327.54388427734375' x='257.5814514160156' id='rel3' class='er relationshipLabel'%3econtains%3c/text%3e%3c/svg%3e)
在 RBAC 模型中,权限总是 "positive" ,意味着授权判断很简单:如果用户有权限,那么接受;否则,拒绝。
假设 Alice 有 seller 角色,Bob 和 Carol 有 customer 角色。我们首先用自然语言描述动作,然后把它们编译到标准的授权格式:IDENTITY performs ACTION on RESOURCE,最后给出结论。
- Alice 想添加一本新书出售:
- 用户 Alice 对资源 Books (
https://api.bookstore.io/books)执行create。 - 由于 Alice 根据他们的
seller角色被赋予了 Books 的create权限,结果是 ✅ 接受。
- 用户 Alice 对资源 Books (
- Alice 想查看所有订单以看看销售是否符合他们的期望:
- 用户 Alice 在 Orders 资源(
https://api.bookstore.io/orders)上执行read。 - 由于 Alice 根据他们的
seller角色被赋予了 Orders 的read权限,结果是 ✅ 接受。
- 用户 Alice 在 Orders 资源(
- Bob 想浏览书籍列表,看看有没有他们想购买的书。
- 用户 Bob 在 Books 资源(
https://api.bookstore.io/books)上执行read。 - 由于 Bob 根据他们的
custome角色被赋予了 Books 的read权限,结果是 ✅ 接受。
- 用户 Bob 在 Books 资源(
- Bob 想查看 Carol 的订单。
- 由于这是别人的订单,所以 Orders 的
read:self权限在此不起作用。 - 用户 Bob 对 Orders 资源(
https://api.bookstore.io/order)执行read。 - 由于 Bob 没有 Orders 的
read权限,结果是 ❌ 拒绝。
- 由于这是别人的订单,所以 Orders 的
其他 RBAC 等级
NIST RBAC 模型有四个级别:
- Flat RBAC
- Hierarchical RBAC
- Constrained RBAC
- Symmetric RBAC
如果你对此感兴趣,可以查看论文获取详细信息。
Logto 现在有 Level 1 的实现,将根据社区反馈进行更高级别的进展。如果更高级别适合你的需求,不要犹豫,告诉我们!
实践中
除了理论,我们还有大量技术工作要完成,以期模型能按预期工作:
- 客户端和 auth 服务器开发
- RBAC 数据库设计
- 在不同服务之间的验证
- 安全和开放标准合规
- 角色,权限,资源管理和赋值
不要恐慌。我们考虑到这一点,并为所有上述内容增加了开箱即用的支持。查看 🔐 RBAC 菜谱,学习如何在 Logto 中使用 RBAC。
结束语
RBAC 对于大部分情况是一个强大的访问管理模型,但没有银弹。我们仍然有一些问题:
- 我需要高级别的 RBAC 吗?
- RBAC 与其他授权模型相比如何?
- 如何定义不同组织之间的授权模型?