RBAC library design

I’ve spent some time cleaning up RBAC so now it passes tests: https://github.com/yiisoft/rbac

There are some questions I’d like to hear your opinion about:

  1. Is it useful to have the ability to assign a permission directly to a user instead of adding it to a role that is assigned to the user?
  2. Is ManagerInterface complete enough for an RBAC management UI?
1 Like

Seems complete enough, but it’s only my opinion.

Edit: Regarding point 1, I misunderstood the question.
This was a general question; I have deleted my quote.

Yes, it is useful. Are there any drawbacks of having it?

2 Likes

Yes. It’s abused. What are use cases?

  1. To me it is wrong to assign permissions directly to a user; somehow it is an old heritage of monolithic apps.

More granular permissions for editing articles in a wiki-like website. Each article has its own permission, and I’m assigning them directly to users (there are too many combinations to create roles).

This is a Yii 1.1 website, so I’m not using RBAC from Yii 2, but something similar.

How? If there is a need for assigning permissions directly to a user, people will do this anyway - they will just create roles instead of permissions.

1 Like

So far:

  1. Decided not to remove the ability to add permissions directly to a user.
  2. Removed the ability to check for a role with userHasPermission(). Hope that will result in more correct RBAC usage.
2 Likes

1. It depends on the project; in some cases it is useful to assign permissions directly without roles.

  1. It would be nice to have an option to explicitly enable assigning permissions to users. I agree that this is often abused.
1 Like
1 Like
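The two decisions in the "So far" post and the opt-in suggested in the last reply, shown together as an added example (a toy in-memory model, not code from yiisoft/rbac or from anyone in this thread). Every name except `userHasPermission()` is hypothetical, and throwing when a role name is passed is an assumption about how the check could be rejected; `directAssignments()` is an added audit helper for reviewing grants that bypass roles.

```php
<?php
declare(strict_types=1);

// Toy model for illustration only; ToyRbac, assign(), directAssignments() and the
// allowDirectPermissions switch are hypothetical names, not the library's API.
final class ToyRbac
{
    private array $roles = [];        // role name => list of permission names
    private array $permissions = [];  // permission name => true
    private array $assignments = [];  // user id => list of assigned item names

    public function __construct(private bool $allowDirectPermissions = false) {}

    public function addRole(string $role, array $permissions): void
    {
        $this->roles[$role] = $permissions;
        foreach ($permissions as $p) { $this->permissions[$p] = true; }
    }

    public function addPermission(string $name): void { $this->permissions[$name] = true; }

    public function assign(string $userId, string $item): void
    {
        $isRole = isset($this->roles[$item]);
        if (!$isRole && !isset($this->permissions[$item])) {
            throw new InvalidArgumentException("Unknown item: $item");
        }
        if (!$isRole && !$this->allowDirectPermissions) {  // opt-in from the last reply
            throw new LogicException("Direct permission assignment is disabled: $item");
        }
        $this->assignments[$userId][] = $item;
    }

    public function userHasPermission(string $userId, string $permission): bool
    {
        if (isset($this->roles[$permission])) {  // role names are not accepted here
            throw new InvalidArgumentException("'$permission' is a role, not a permission");
        }
        foreach ($this->assignments[$userId] ?? [] as $item) {
            if ($item === $permission || in_array($permission, $this->roles[$item] ?? [], true)) {
                return true;
            }
        }
        return false;
    }

    // Audit view: user id => permissions granted directly, bypassing roles.
    public function directAssignments(): array
    {
        return array_filter(array_map(
            fn(array $items) => array_values(array_filter($items, fn($i) => !isset($this->roles[$i]))),
            $this->assignments
        ));
    }
}
```

With `new ToyRbac(allowDirectPermissions: true)`, a per-article permission (a constructed name such as `article.42.edit`) can be assigned straight to a user as in the wiki use case above, and `directAssignments()` lists exactly those grants for periodic review.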