one of these roles. This serves as a shortcut for assigning and enforcing
complex applications. Using roles to perform upfront access checks on
rejected with a minimum amount of processing being performed. An
example of this approach is in protecting the URL paths that specific
types of user may access.
When designing role-based access control mechanisms, it is necessary to
balance the number of roles so that they remain a useful tool to assist in
the management of privileges within the application. If too many fine-
grained roles are created, then the number of different roles becomes
unwieldy, and they are difficult to manage accurately. If too few roles are
created, the resulting roles will be a coarse instrument for managing
access, and it is likely that individual users will be assigned privileges
that are not strictly necessary for performance of their function.
■■
Do'stlaringiz bilan baham: