RBAC in Yii2 with PhpManager
The official documentation actually uses a php file https://github.com/yiisoft/yii2/blob/master/docs/guide/security-authorization.md
In which layer to implement RBAC in a web application?
authorization,access-control,rbac,abac
Here are some elements of response: First of all try to define your access control layer in configurable, decoupled way. Using a framework such as spring-security, jaas, or xacml is a great way forward. This is called externalized authorization. Secondly, think of what matters to you most: is it the...
RBAC Yii2 doesn't work with default roles
The user table in my database has a column named "role": for admin it's value set to 1 and for viewers = 2 That's not how it works unfortunately. The rights/roles a user has are (by default) done via the auth_assignment-table. Just add an entry in it: INSERT INTO...
Yii RBAC: access to specific items/rows
php,sql,yii,access-control,rbac
I decided to take the following approach, after deciding that simply maintaining an array of Company Items inside $data['companyItemsAllowed'] was not the best for these requirements: created an association table between Users and CompanyItems; call it association_table; created the RBAC tree as shown in the question, but where the bizRule...
ZfcRbac Role Provider and Identity getRoles()
zend-framework2,identity,roleprovider,rbac,zfc-rbac
As you can see in the php doc in the IdentityInterface The getRoles() method can return two things: 1. an array of strings 2. an array of Rbac\Role\RoleInterface In case you return an array of strings you need an additional RoleProvider to "translate" the strings to actual instances of a...
Update role user: not authorized on admin to execute command
mongodb,permissions,rbac,replicaset
I was updating roles with the wrong command here is the right one: db.grantRolesToUser( "mongoadmin", [{ role: "read", db: "local"}]) Now I can check the replicainfo: rep0:PRIMARY> rs.printReplicationInfo() configured oplog size: 990MB log length start to end: 617347secs (171.49hrs) oplog first event time: Thu May 14 2015 14:25:04 GMT+0200 (CEST)...
using “CDbAuthManager” generates exception “CPhpAuthManager” is not defined
I found that tables names was case sensitive. modified tables names .. all worked
Retrieve a user group membership from Azure AD for RBAC
c#,azure,asp.net-web-api,rbac,adal
you no longer need to query the graph for getting group info, we have a new feature that will deliver those in the token. See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/
RBAC in webapp2 with ACL from tipfy
google-app-engine,webapp2,rbac,tipfy
At the end I find out that area can be anything you want and it's up to you what meaning it has. Just define a property in your handler that return some string ... and that's the area. Also ... I Finally end up coding a RBAC for google app...
How to use LDAP to implement a resource/action based authorization?
c#,ldap,authorization,rbac,abac
You can take a step back and look at the bigger access control / authorization use case. IF you want to do resource-action based authorization, you can roll out ABAC, the attribute-based access control model. ABAC is an evolution of RBAC and identity-centric authorization. It was designed by NIST, the...
yii2 deny user login on backend
Solved - Note: The solution is not exactly RBAC but ACF. After searching and consulting, i found the solution at This yii2 viki. I was unclear of RBAC behavior, in that i thought it won't let the role do some specific task before-action. But RBAC is meant to prevent roles...
How does social and sharing websites e.g. Facebook and Google+ handle security policies in code?
security,access-control,rbac,xacml,abac
Note: this question is best suited for the Security Stack Exchange site. Generally speaking, software development companies - not just websites - develop their own authorization logic ad-hoc using code (Java, C#... you name it). There are a few companies / teams that have decoupled their business logic from their...
RBAC for basic yii2 template
first of all create a Helper Class called PermissionHelpers in your model folder: namespace app\models; use Yii; class PermissionHelpers { public static function requireAdmin() { if(Yii::$app->user->identity->role == 100) { return true; } else return false; } } Then update your controller with: // at top with your other use use...
XACML PolicySet and Request with example
If you are using Policy Set with WSO2IS, Please note following. You need to publish both Policy Set policy and reference policies in to PDP. Then you need to enable the Policy Set in the PDP. You can keep the reference policies as disabled policies. Please refer more detail from...
WSO2 Identity server GUI creating different attribute id for policy and request
I think you mean you are getting Indeterminate instead of Intermediate. There is no such response w/ Intermediate in XACML. Secondly the attribute ID "urn:oasis:names:tc:xacml:1.0:subject:subject-id" represents the user identity e.g. Alice, Bob, Carol. What your policy needs is the role. You can have a request that only contains the user...
Default screen as login Screen
Ok I found the solution, actually instead of defaultRoute' => 'site/login', you can provide any other controller, which needs authentication. for example defaultRoute' => 'site/index' and it will not have the circular problem of redirection....
Cannot insert the value NULL into column 'user_id', table 'dbo.role_user'; column does not allow nulls
Extra info: Entrust needs a userid to be able to assign a role to the user. When you create a user there is no userid cause a userid will be created when you create the user. So after creating the user you need to retrive the user first before you...