You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2022/04/07 20:35:10 UTC
[directory-fortress-enmasse] branch master updated: better graph
This is an automated email from the ASF dual-hosted git repository.
smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-enmasse.git
The following commit(s) were added to refs/heads/master by this push:
new a5db071 better graph
a5db071 is described below
commit a5db071bc96befe19a54e1de8d4d1f3598978b4d
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Thu Apr 7 15:35:04 2022 -0500
better graph
---
README-SECURITY-MODEL.md | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/README-SECURITY-MODEL.md b/README-SECURITY-MODEL.md
index 8dcd38d..45d2d58 100644
--- a/README-SECURITY-MODEL.md
+++ b/README-SECURITY-MODEL.md
@@ -121,16 +121,21 @@ c. Some services (#'s 9,10,11,12 in ARBAC table) perform a range check on the ta
For example, the following top-down contains a sample RBAC role hierarchy for a fictional software development organization:
```
- CTO
- |
- | |
- ENG QC
- | | | |
- E1 E2 Q1 Q2
- | |
- DA QA
- |
- A1
+ ┌────────┐
+ │ CTO │
+ └┬──────┬┘
+ ┌▽────┐┌▽─────┐
+ │ QC ││ ENG │
+ └┬───┬┘└─┬───┬┘
+ ┌▽─┐┌▽─┐┌▽─┐┌▽─┐
+ │Q1││Q2││E1││E2│
+ └┬─┘└┬─┘└┬─┘└┬─┘
+ ┌▽───▽┐┌─▽───▽┐
+ │ QA ││ DA │
+ └┬────┘└┬─────┘
+ ┌▽──────▽┐
+ │ A1 │
+ └────────┘
```
Here a role called *CTO* is the highest ascendant in the graph, and *A1* is the lowest descendant. In a top-down role hierarchy, privilege increases as we descend downward. So a person with role *A1* inherits all that are above.