User283571144 posted
Hi Nissan,
I keep hearing these words, RBAC and OAuth. Is there a relation between both? Is one better than the other? Can you post some views?
As far as I know, we couldn't compare them; they are different things.
RBAC:
From wiki:
In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users.
It is used by the majority of enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).
RBAC is sometimes referred to as role-based security.
RBAC (role-based access control) is based on defining a list of business roles, and adding each user in the system to one or more roles.
Permissions and privileges are then granted to each role, and users receive them via their membership in the role (pretty much equivalent to a group).
Applications will typically test the user for membership in a specific role, and grant or deny access based on that.
For more details, you could refer to the following link:
https://en.wikipedia.org/wiki/Role-based_access_control
In my opinion, this is a control in which you could set the user roles and permissions; it will check the user's role and allow or deny access based on that.
OAuth:
From wiki:
OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites but without giving them the passwords.
This mechanism is used, for example, by Google, Facebook, Microsoft, Twitter, etc., to permit the users to share information about their accounts with third-party applications or websites.
For more details, you could refer to the following link:
https://en.wikipedia.org/wiki/OAuth
In my opinion, OAuth is normally used for third-party website login on your site without typing the password again.
So, you could combine OAuth and RBAC in your application: you could use OAuth to log in to your application, then you could use RBAC to manage its roles and permissions.
Best Regards,
Brando
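The combination described in the answer above, as an added example that is not part of the original post: the application takes the identity an OAuth login produced and applies an RBAC check to it. The `provider` and `user_id` fields, the role and permission names, and all sample values are assumptions constructed for illustration, and the login itself is assumed to have completed and been validated already.

```python
# Permissions are granted to roles, never directly to users.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"user:manage"},
}

# Role membership is keyed on (provider, user_id) as established by the
# OAuth login. Including the provider keeps the same user_id issued by a
# different provider from inheriting these roles. Constructed sample data.
USER_ROLES = {
    ("idp.example", "1001"): {"editor"},
    ("idp.example", "1002"): {"viewer", "admin"},
}


def roles_for(identity):
    """Roles assigned to an identity; unknown identities get none."""
    key = (identity.get("provider"), identity.get("user_id"))
    return USER_ROLES.get(key, set())


def in_role(identity, role):
    """Membership test an application would run before a protected action."""
    return role in roles_for(identity)


def permissions_for(identity):
    """Union of the permissions of every role the identity belongs to."""
    perms = set()
    for role in roles_for(identity):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(identity, permission):
    """Deny by default: allow only if some assigned role grants it."""
    return permission in permissions_for(identity)


# Identities as they might look after login (constructed).
ALICE = {"provider": "idp.example", "user_id": "1001"}
BOB = {"provider": "idp.example", "user_id": "1002"}
STRANGER = {"provider": "idp.example", "user_id": "9999"}
LOOKALIKE = {"provider": "other-idp.example", "user_id": "1002"}
```

A successful login only establishes who the user is; `STRANGER` and `LOOKALIKE` both authenticate but hold no roles, so every permission check for them is denied.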