Codeigniter Role Based Access Control Tutorial



PHP-RBAC is the de-facto authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.



Role Based Access Control is the standard means of authorization (access control). The other approach is ACLs, where a table defines who can do what. ACLs are only suitable for very small systems, for the following reasons:

Example of an ACL

Usage of ACLs has led to broken authorization and access control all over applications, and authorization is often limited to critical operations only, to keep the number of permits low.

But RBAC is here to save the day.

What is RBAC?

RBAC separates the concepts of Users, Roles and Permissions. Roles are defined in the system, and Permissions are defined separately. The security administrator then decides which role should be permitted to do which action, by assigning that role to the permission. Finally, users are assigned to roles. The system does the rest.

That was NIST Level 1 standard RBAC above, and it still has its issues. NIST Level 2 RBAC requires Roles and/or Permissions to be hierarchical, so that they can be managed easily as hierarchies. The figure below demonstrates a system in hierarchical RBAC:

A conceptual diagram of a hierarchical RBAC system

Blue: roles, Gray: users, Yellow: permissions
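The two hierarchies in the figure, as an added Python model (not PHP-RBAC's own code; the role, permission and user names are constructed): a senior role inherits every permission of the roles beneath it, and a permission granted at one node covers every node beneath it, so a check walks down the role tree and up the permission tree.

```python
from collections import defaultdict

class HierarchicalRbac:
    """Constructed model of NIST Level 2 RBAC: roles and permissions each
    form a tree, and a check combines role descendants with permission ancestors."""
    def __init__(self):
        self.role_parent = {}               # role -> parent role (None = top)
        self.perm_parent = {}               # permission -> parent permission
        self.role_perms = defaultdict(set)  # role -> directly assigned permissions
        self.user_roles = defaultdict(set)  # user -> directly assigned roles
    def add_role(self, role, parent=None):
        self.role_parent[role] = parent
    def add_permission(self, perm, parent=None):
        self.perm_parent[perm] = parent
    def assign(self, role, perm):        # security admin: "role may do perm"
        self.role_perms[role].add(perm)
    def assign_user(self, user, role):   # "user holds role"
        self.user_roles[user].add(role)
    def _descendant_roles(self, role):   # the role itself plus everything below it
        found, todo = {role}, [role]
        while todo:
            cur = todo.pop()
            for child, parent in self.role_parent.items():
                if parent == cur and child not in found:
                    found.add(child)
                    todo.append(child)
        return found
    def _perm_ancestors(self, perm):     # the permission itself plus everything above it
        chain = set()
        while perm is not None:
            chain.add(perm)
            perm = self.perm_parent.get(perm)
        return chain
    def check(self, user, perm):
        # True if a role the user holds, or any role beneath it, is directly
        # assigned perm or an ancestor of perm; unknown users/perms yield False.
        needed = self._perm_ancestors(perm)
        return any(self.role_perms[r] & needed
                   for role in self.user_roles.get(user, ())
                   for r in self._descendant_roles(role))

def build_demo():   # constructed sample: root > editor > author; posts > posts.edit, posts.delete
    rbac = HierarchicalRbac()
    for role, parent in [("root", None), ("editor", "root"), ("author", "editor")]:
        rbac.add_role(role, parent)
    for perm, parent in [("posts", None), ("posts.edit", "posts"), ("posts.delete", "posts")]:
        rbac.add_permission(perm, parent)
    rbac.assign("author", "posts.edit")   # authors may edit posts
    rbac.assign("root", "posts")          # root is granted the whole posts subtree
    for user, role in [("alice", "author"), ("bob", "editor"), ("carol", "root")]:
        rbac.assign_user(user, role)
    return rbac
```

With this sample, bob (editor) can edit posts because editor sits above author, but cannot delete them, while carol (root) can do both because "posts" covers the whole subtree.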


You are now ready for the next step: Before you begin