Permission management and access control are often lumped together, aren't they? Our software designs usually include a system block diagram, with "Permissions Control Module" written in a stupid box in that figure. However, I think we should still recognize that there are two different things inside this "module".
"Access Control": a dynamic concept that occurs at runtime, that is, the session in RBAC. "Access Control" takes effect whenever an access or call that is defined as needing control takes place. "Access Control" happens at a very high frequency;
"Permission Management": a relatively static concept, that is, the management that defines the rules of "access control". These control rules must be defined in the system before any access or call happens, ready for "Access Control" to use. Usually, the frequency of "permission management" is very low;
In fact, the use case analysis of any application makes this separation fully clear. In actual design, the data access design of these two parts is slightly different. "Permission Management" is a read and write operation on the access control rule data in the application system, while "Access Control" is a read-only operation on that data and usually has strong performance requirements.
At a higher level of architecture, I see that many foreign researchers model this part as an Enterprise Access Control Framework and describe it rather well. In their descriptions, the two parts are also separated. Here is an excellent passage from one foreign author:
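A minimal sketch of this split, added here as an illustration and not taken from the original article or from any RBAC product: the management side reads and writes the rules and publishes them as a frozen snapshot, and the enforcement side only reads that snapshot on each call. All class and method names are assumptions made for the example.

```python
from types import MappingProxyType
from typing import NamedTuple

class Snapshot(NamedTuple):          # immutable rule set handed to the hot path
    version: int
    user_roles: MappingProxyType     # user -> frozenset of roles
    role_perms: MappingProxyType     # role -> frozenset of (operation, object)

class Session(NamedTuple):           # RBAC session: the roles a user activated
    user: str
    version: int
    perms: frozenset

class PermissionManagement:
    """Static side: low-frequency reads and writes of the rule data."""
    def __init__(self):
        self._user_roles, self._role_perms, self._version = {}, {}, 0

    def assign_role(self, user, role):
        self._user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user, role):
        self._user_roles.get(user, set()).discard(role)

    def grant(self, role, operation, obj):
        self._role_perms.setdefault(role, set()).add((operation, obj))

    def publish(self):
        """Freeze the current rules so enforcement never sees a half-edited set."""
        self._version += 1
        freeze = lambda d: MappingProxyType({k: frozenset(v) for k, v in d.items()})
        return Snapshot(self._version, freeze(self._user_roles), freeze(self._role_perms))

class AccessControl:
    """Dynamic side: high-frequency, read-only decisions at runtime."""
    def __init__(self, snapshot):
        self._snap = snapshot

    def reload(self, snapshot):
        self._snap = snapshot

    def open_session(self, user, requested_roles):
        # Only roles actually assigned to the user can be activated.
        active = frozenset(requested_roles) & self._snap.user_roles.get(user, frozenset())
        perms = frozenset(p for r in active for p in self._snap.role_perms.get(r, ()))
        return Session(user, self._snap.version, perms)

    def check(self, session, operation, obj):
        # Deny sessions built on superseded rules, so a revocation takes effect.
        return session.version == self._snap.version and (operation, obj) in session.perms
```

The per-call check is a version comparison plus a set lookup, while every rule change goes through the management object and only becomes visible after publish() and reload().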
"An enterprise application access control framework is dependent on the composition integrity of components or forming modules in this framework. Similar frameworks must be constructed from the following components: (a) a corporate control module; (b) on this module, a mechanism for developing a set of data access to data access; (c) a mechanism that maps enterprise application access control information data into different application systems in the enterprise and plays a natural access to enforce control."
This paper can be found on the RBAC Standard Homepage of the US Standards and Technology Association. The paper covers the implementation of an XML Schema model in RBAC; I am now translating it.