RBAC is short for Role Based Access Control. It consists of three parts: User, Role, Operation/Resource. Access list, also known as resource list, is assigned to the role group, grant Users one or more Roles to allow users to get resource access rights of their group.
The user management interface that corresponds to the CBoard is also divided into three pieces
- user list
- add, edit user
- search user: default by username (including the login name).
- click the name button in front of the search box to search by user group.
- Hold down Ctrl and click the left mouse button to select multiple users or roles
- the buttons below the user checkbox are:
- Grant: Select users and roles, grant roles to users. Each grant will override user`s role, When do this, hold down Ctrl and click on the left mouse button to add or remove the selected role.
- Revoke: Select the user and role, remove the user from the role
- resources cannot be granted to users
- When a user is selected, the user's corresponding role will be changed.
- click + to add role
- The role manager is used to manage the roles
- The role manager can only see the roles they created
- Menu: The first level menu is controlled separately from the second level menu, and there is no cascade
- Dashboard/Datasource/Dataset/Chart: Because the folder is a virtual path, it can be cascaded, but even if the folder is selected, after adding new resources to that folder, it's need to manually add the authorization.
- Administrators can only add resources they create to the group
