CIAM 102: 授權與基於角色的存取控制
組織和租戶對於群組身份來說是很棒的,但它們導致了一種絕對民主狀態:每個人在這個系統中都可以做任何事。雖然烏托邦仍然是個謎,我們來看看存取治理:授權(AuthZ)。
Founder
背景
在 前一篇文章 中,我們介紹了認證(AuthN)和授權(AuthZ)的概念,以及一些令人頭疼的術語:身份、組織、租戶等。
組織和租戶對於群組身份來說是很棒的,但它們導致了一種絕對民主狀態:每個人在這個系統中都可以做任何事。雖然烏托邦仍然是個謎,我們來看看存取治理:授權(AuthZ)。
為什麼我們需要授權?
Notion 是一個很好的例子。對於你擁有的每個頁面,你可以選擇只讓自己看到、與朋友共享,甚至公開共享。
或者,對於一家線上書店,你希望每個人都可以看到所有書籍,但客戶只能看到自己的訂單,而賣家只能管理自己店鋪中的書籍。
AuthZ 和 AuthN 是複雜商業模式的基本組成部分。它們經常一起運作;AuthZ 驗證用戶的存取,而 AuthN 認證身份。兩者對於系統安全都很必要。
基本授權模型
這是最常見的 AuthZ 模型之一:如果 IDENTITY 在 RESOURCE 上執行 ACTION,則 ACCEPT 或 DENY。
在 Notion 的例子中,模型為 PERSON 在 PAGE 上執行 VIEW。
如果頁面是私密的:
- 當你在你的 PAGE 上執行 VIEW 時,你會收到 ACCEPT。
- 其他人在你的 PAGE 上執行 VIEW 時應該收到 DENY。
基於共識,業界開發了各種授權技術,如基於角色的存取控制(RBAC)、基於屬性的存取控制(ABAC)。今天,我們會專注於 NIST RBAC 模型 的第一級:扁平 RBAC。
基於角色的存取控制
讓我們擴展書店的例子。假設我們有很多顧客,但只有一個賣家:
- 顧客可以查看和訂購書籍,以及查看自己的訂單。
- 賣家可以查看、創建和刪除書籍,並管理客戶訂單。
定義資源
在 Logto 中,資源(即 API 資源)通常表示一組實體或項目,因為需要使用有效的 URL 作為指標。因此我們定義了兩個資源:
- 書籍:
https://api.bookstore.io/books - 訂單:
https://api.bookstore.io/orders
強制使用 URL 格式的一個優點是,它可以映射到你的 API 服務的實際地址,這在與系統中其他組件集成時提高了可讀性和辨識性。
定義權限
由於我們引入了資源的概念,在 Logto 中,我們還強制權限必須屬於資源,相反地,資源可以有權限。
讓我們為資源添加一些權限:
- 書籍:
read,create,delete - 訂單:
read,read:self,create:self,delete
雖然權限名稱沒有要求,但我們有以下慣例:
當 <action> 是必需用來描述權限時,:<target> 可以忽略以描述一般目標,即資源中的所有實體或項目。例如:
- 權限
read在資源書籍中意味著可以閱讀任意書籍的動作。 - 權限
create:self在資源訂單中意味著可以創建屬於當前用戶的訂單的動作。
定義角色
簡而言之,角色是一組權限。讓我們創建兩個角色 customer 和 seller 並為它們分配權限如下:
%3bopacity:0.7%3bbackground-color:hsl(80%2c 100%25%2c 96.2745098039%25)%3b%7d%23mermaid-0 .relationshipLabelBox rect%7bopacity:0.5%3b%7d%23mermaid-0 .relationshipLine%7bstroke:%23333333%3b%7d%23mermaid-0 .entityTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 %23MD_PARENT_START%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-0 %23MD_PARENT_END%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg/%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='240' markerWidth='190' refY='7' refX='0' id='MD_PARENT_START'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='28' markerWidth='20' refY='7' refX='19' id='MD_PARENT_END'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='0' id='ONLY_ONE_START'%3e%3cpath d='M9%2c0 L9%2c18 M15%2c0 L15%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='18' id='ONLY_ONE_END'%3e%3cpath d='M3%2c0 L3%2c18 M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='0' id='ZERO_OR_ONE_START'%3e%3ccircle r='6' cy='9' cx='21' fill='white' stroke='gray'/%3e%3cpath d='M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='30' id='ZERO_OR_ONE_END'%3e%3ccircle r='6' cy='9' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c0 L21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='18' id='ONE_OR_MORE_START'%3e%3cpath d='M0%2c18 Q 18%2c0 36%2c18 Q 18%2c36 0%2c18 M42%2c9 L42%2c27' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='27' id='ONE_OR_MORE_END'%3e%3cpath d='M3%2c9 L3%2c27 M9%2c18 Q27%2c0 45%2c18 Q27%2c36 9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='18' id='ZERO_OR_MORE_START'%3e%3ccircle r='6' cy='18' cx='48' fill='white' stroke='gray'/%3e%3cpath d='M0%2c18 Q18%2c0 36%2c18 Q18%2c36 0%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='39' id='ZERO_OR_MORE_END'%3e%3ccircle r='6' cy='18' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c18 Q39%2c0 57%2c18 Q39%2c36 21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cg transform='translate(20%2c41 )' id='entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c'%3e%3crect height='87' width='157.57363891601562' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(78.78681945800781%2c12)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c' class='er entityLabel'%3eRole-Customer%3c/text%3e%3crect height='21' width='59.265625' y='24' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='24' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='57.167388916015625' y='24' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c34.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-1-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='45' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='45' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='57.167388916015625' y='45' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c55.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-2-comment' class='er entityLabel'%3eread:self%3c/text%3e%3crect height='21' width='59.265625' y='66' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='66' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='57.167388916015625' y='66' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c76.5)' y='0' x='0' id='text-entity-RoleCustomer-c5a68bb0-5611-51a0-8b4a-31224a171b9c-attr-3-comment' class='er entityLabel'%3ecreate:self%3c/text%3e%3c/g%3e%3cg transform='translate(277.5736389160156%2c20 )' id='entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7'%3e%3crect height='129' width='139.05453491210938' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(69.52726745605469%2c12)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7' class='er entityLabel'%3eRole-Seller%3c/text%3e%3crect height='21' width='59.265625' y='24' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='24' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='24' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c34.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-1-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='45' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='45' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='45' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c55.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-2-comment' class='er entityLabel'%3ecreate%3c/text%3e%3crect height='21' width='59.265625' y='66' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='66' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-name' class='er entityLabel'%3eBooks%3c/text%3e%3crect height='21' width='38.648284912109375' y='66' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c76.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-3-comment' class='er entityLabel'%3edelete%3c/text%3e%3crect height='21' width='59.265625' y='87' x='0' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='87' x='59.265625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='38.648284912109375' y='87' x='100.40625' class='er attributeBoxEven'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c97.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-4-comment' class='er entityLabel'%3eread%3c/text%3e%3crect height='21' width='59.265625' y='108' x='0' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(5%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-type' class='er entityLabel'%3epermission%3c/text%3e%3crect height='21' width='41.140625' y='108' x='59.265625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(64.265625%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-name' class='er entityLabel'%3eOrders%3c/text%3e%3crect height='21' width='38.648284912109375' y='108' x='100.40625' class='er attributeBoxOdd'/%3e%3ctext style='dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 10.2px%3b' transform='translate(105.40625%2c118.5)' y='0' x='0' id='text-entity-RoleSeller-8acfa22b-9f47-5594-85c1-1ff5c49b86b7-attr-5-comment' class='er entityLabel'%3edelete%3c/text%3e%3c/g%3e%3c/svg%3e)
你可能注意到權限-角色分配是多對多關係。
將角色分配給用戶
就像角色-權限分配一樣,用戶-角色分配也是多對多關係。因此,你可以為一個用戶分配多個角色,一個角色也可以分配給多個用戶。
連接點
這是 Logto 中第一級 RBAC 模型的完整關係圖:
%3bopacity:0.7%3bbackground-color:hsl(80%2c 100%25%2c 96.2745098039%25)%3b%7d%23mermaid-1 .relationshipLabelBox rect%7bopacity:0.5%3b%7d%23mermaid-1 .relationshipLine%7bstroke:%23333333%3b%7d%23mermaid-1 .entityTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-1 %23MD_PARENT_START%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-1 %23MD_PARENT_END%7bfill:%23f5f5f5!important%3bstroke:%23333333!important%3bstroke-width:1%3b%7d%23mermaid-1 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg/%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='240' markerWidth='190' refY='7' refX='0' id='MD_PARENT_START'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='28' markerWidth='20' refY='7' refX='19' id='MD_PARENT_END'%3e%3cpath d='M 18%2c7 L9%2c13 L1%2c7 L9%2c1 Z'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='0' id='ONLY_ONE_START'%3e%3cpath d='M9%2c0 L9%2c18 M15%2c0 L15%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='18' refY='9' refX='18' id='ONLY_ONE_END'%3e%3cpath d='M3%2c0 L3%2c18 M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='0' id='ZERO_OR_ONE_START'%3e%3ccircle r='6' cy='9' cx='21' fill='white' stroke='gray'/%3e%3cpath d='M9%2c0 L9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='18' markerWidth='30' refY='9' refX='30' id='ZERO_OR_ONE_END'%3e%3ccircle r='6' cy='9' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c0 L21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='18' id='ONE_OR_MORE_START'%3e%3cpath d='M0%2c18 Q 18%2c0 36%2c18 Q 18%2c36 0%2c18 M42%2c9 L42%2c27' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='45' refY='18' refX='27' id='ONE_OR_MORE_END'%3e%3cpath d='M3%2c9 L3%2c27 M9%2c18 Q27%2c0 45%2c18 Q27%2c36 9%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='18' id='ZERO_OR_MORE_START'%3e%3ccircle r='6' cy='18' cx='48' fill='white' stroke='gray'/%3e%3cpath d='M0%2c18 Q18%2c0 36%2c18 Q18%2c36 0%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cdefs%3e%3cmarker orient='auto' markerHeight='36' markerWidth='57' refY='18' refX='39' id='ZERO_OR_MORE_END'%3e%3ccircle r='6' cy='18' cx='9' fill='white' stroke='gray'/%3e%3cpath d='M21%2c18 Q39%2c0 57%2c18 Q39%2c36 21%2c18' fill='none' stroke='gray'/%3e%3c/marker%3e%3c/defs%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONE_OR_MORE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M70%2c95L70%2c103.333C70%2c111.667%2c70%2c128.333%2c70%2c145C70%2c161.667%2c70%2c178.333%2c70%2c186.667L70%2c195' class='er relationshipLine'/%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONE_OR_MORE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M70%2c270L70%2c278.333C70%2c286.667%2c70%2c303.333%2c79.628%2c320C89.255%2c336.667%2c108.51%2c353.333%2c118.138%2c361.667L127.766%2c370' class='er relationshipLine'/%3e%3cpath style='stroke: gray%3b fill: none%3b' marker-start='url(%23ONLY_ONE_START)' marker-end='url(%23ONE_OR_MORE_END)' d='M272.18%2c270L272.18%2c278.333C272.18%2c286.667%2c272.18%2c303.333%2c262.552%2c320C252.924%2c336.667%2c233.669%2c353.333%2c224.042%2c361.667L214.414%2c370' class='er relationshipLine'/%3e%3cg transform='translate(20%2c20 )' id='entity-User-818c511a-4a32-5484-ba70-875d765a9175'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-User-818c511a-4a32-5484-ba70-875d765a9175' class='er entityLabel'%3eUser%3c/text%3e%3c/g%3e%3cg transform='translate(20%2c195 )' id='entity-Role-8dbdbbc4-0419-5464-aae6-f142fb2ece67'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-Role-8dbdbbc4-0419-5464-aae6-f142fb2ece67' class='er entityLabel'%3eRole%3c/text%3e%3c/g%3e%3cg transform='translate(121.08984375%2c370 )' id='entity-Permission-48655fad-d38f-55ef-b80b-a2e5778dc661'%3e%3crect height='75' width='100' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(50%2c37.5)' y='0' x='0' id='text-entity-Permission-48655fad-d38f-55ef-b80b-a2e5778dc661' class='er entityLabel'%3ePermission%3c/text%3e%3c/g%3e%3cg transform='translate(220%2c195 )' id='entity-APIResource-f2b5b87c-e92d-553a-a516-679c3b4618ad'%3e%3crect height='75' width='104.359375' y='0' x='0' class='er entityBox'/%3e%3ctext style='dominant-baseline: middle%3b text-anchor: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' transform='translate(52.1796875%2c37.5)' y='0' x='0' id='text-entity-APIResource-f2b5b87c-e92d-553a-a516-679c3b4618ad' class='er entityLabel'%3eAPI Resource%3c/text%3e%3c/g%3e%3crect height='14' width='29.34375' y='138' x='55.328125' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='145' x='70' id='rel1' class='er relationshipLabel'%3emaps%3c/text%3e%3crect height='14' width='29.34375' y='320.5440979003906' x='69.92644500732422' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='327.5440979003906' x='84.59832000732422' id='rel2' class='er relationshipLabel'%3emaps%3c/text%3e%3crect height='14' width='44.703125' y='320.54388427734375' x='235.22988891601562' class='er relationshipLabelBox'/%3e%3ctext style='text-anchor: middle%3b dominant-baseline: middle%3b font-family: arial%2c sans-serif%3b font-size: 12px%3b' y='327.54388427734375' x='257.5814514160156' id='rel3' class='er relationshipLabel'%3econtains%3c/text%3e%3c/svg%3e)
在 RBAC 模型中,權限總是 "正向" 的,意味著授權判斷很簡單:如果用戶擁有權限,則接受;否則拒絕。
我們假設 Alice 有角色 seller,Bob 和 Carol 有角色 customer。我們將首先用自然語言描述動作,並將它們翻譯成標準授權格式:IDENTITY 在 RESOURCE 上執行 ACTION,最終得出結論。
- Alice 想要添加一個新書進行銷售:
- 用戶 Alice 在資源書籍(
https://api.bookstore.io/books)上執行create。 - 由於 Alice 根據她的角色
seller被分配了書籍的create權限,結果是 ✅ 接受。
- 用戶 Alice 在資源書籍(
- Alice 想要查看所有訂單以確定銷售是否符合預期:
- 用戶 Alice 在資源訂單(
https://api.bookstore.io/orders)上執行read。 - 由於 Alice 根據她的角色
seller被分配了訂單的read權限,結果是 ✅ 接受。
- 用戶 Alice 在資源訂單(
- Bob 想要瀏覽書籍列表以查看是否有他想購買的書籍。
- 用戶 Bob 在資源書籍(
https://api.bookstore.io/books)上執行read。 - 由於 Bob 根據他的角色
customer被分配了書籍的read權限,結果是 ✅ 接受。
- 用戶 Bob 在資源書籍(
- Bob 想查看 Carol 的訂單。
- 由於這是別人的訂單,訂單的
read:self權限在這裡不起作用。 - 用戶 Bob 在資源訂單(
https://api.bookstore.io/order)上執行read。 - 由於 Bob 沒有訂單的
read權限,結果是 ❌ 拒絕。
- 由於這是別人的訂單,訂單的
其他 RBAC 級別
NIST RBAC 模型有四個級別:
- 扁平 RBAC
- 層次化 RBAC
- 受限 RBAC
- 對稱 RBAC
如果你感興趣,請參閱 論文 以了解更多詳情。
Logto 現在已有第一級實現,將根據社群反饋來進展到更高級別。如果更高級別符合你的需求,請隨時告訴我們!
實踐中
除了理論,我們仍然需要大量技術工作以確保模型按預期運作:
- 客戶端和身份驗證服務器開發
- RBAC 的數據庫設計
- 不同服務間的驗證
- 安全性和開放標準符合性
- 角色、權限、資源的管理和分配
不要驚慌。我們已考慮到這一點,並增加了開箱即用的支持來涵蓋以上所有事項。 查看 🔐 RBAC 食譜 以了解如何在 Logto 中使用 RBAC。
結語
對於大多數案例來說,RBAC 是一種強大的存取管理模型,但並不是萬能解決方案。我們仍然有一些問題:
- 我需要高級別的 RBAC 嗎?
- RBAC 與其他授權模型相比如何?
- 如何在不同的組織間定義授權模型?