• Role Based Access Manager


  •   
  • FileName: rbam_manual.pdf [read-online]
    • Abstract: Role Based Access ManagerRole Based Access Control Managementfor the Yii PHP FrameworkDeveloped for the Yii Community byPBM Web Development Role Based Access ManagerContentsIntroduction ...................................................................................................................................... 5

Download the ebook

Role Based Access Manager
Role Based Access Control Management
for the Yii PHP Framework
Developed for the Yii Community by
PBM Web Development
Role Based Access Manager
Contents
Introduction ...................................................................................................................................... 5
Features ........................................................................................................................................ 5
Requirements.................................................................................................................................... 6
License .............................................................................................................................................. 6
Compatibility ..................................................................................................................................... 7
Installation & Configuration............................................................................................................... 7
Default Configuration Values ..................................................................................................... 8
RBAM .............................................................................................................................................. 10
Public Properties ......................................................................................................................... 10
Public methods ............................................................................................................................ 11
Property Details........................................................................................................................... 12
applicationLayout .................................................................................................................... 12
authAssignmentsManagerRole ................................................................................................ 12
authenticatedRole ................................................................................................................... 12
authItemsManagerRole ........................................................................................................... 12
baseScriptUrl ........................................................................................................................... 12
baseUrl .................................................................................................................................... 13
cssFile ...................................................................................................................................... 13
development ........................................................................................................................... 13
exclude .................................................................................................................................... 13
guestRole................................................................................................................................. 13
initialise ................................................................................................................................... 14
juiCssFile.................................................................................................................................. 14
juiHide ..................................................................................................................................... 14
juiScriptFile .............................................................................................................................. 15
juiScriptUrl............................................................................................................................... 15
juiShow.................................................................................................................................... 15
juiTheme ................................................................................................................................. 15
juiThemeUrl ............................................................................................................................. 16
layout ...................................................................................................................................... 16
pageSize .................................................................................................................................. 16
rbacManagerRole .................................................................................................................... 16
relationshipsPageSize .............................................................................................................. 16
Page 2 of 41
Role Based Access Manager
showConfirmation ................................................................................................................... 16
showMenu .............................................................................................................................. 17
userClass ................................................................................................................................. 17
userCriteria.............................................................................................................................. 17
userIdAttribute ........................................................................................................................ 17
userNameAttribute .................................................................................................................. 18
Method Details ............................................................................................................................ 18
getMenuItem() ........................................................................................................................ 18
getMenuItems() ....................................................................................................................... 18
Using RBAM .................................................................................................................................... 19
Menu........................................................................................................................................... 20
Button Icons ................................................................................................................................ 21
Integrated Help ........................................................................................................................... 22
Authorisation Items ..................................................................................................................... 22
Authorisation Items Overview.................................................................................................. 22
Manage Authorisation Item ..................................................................................................... 23
Create Authorisation Item ....................................................................................................... 27
Authorisation Assignments .......................................................................................................... 29
Users ....................................................................................................................................... 29
Assign Roles to a User .............................................................................................................. 29
Roles Assigned to a User .......................................................................................................... 31
Users Assigned to a Role .......................................................................................................... 32
Drill-down & Drill-up.................................................................................................................... 32
Drill-down ................................................................................................................................... 33
Drill-up ........................................................................................................................................ 33
Initialisation................................................................................................................................. 35
Authorisation Data Array Format ............................................................................................. 36
Built-in Authorisation Data ...................................................................................................... 37
Generate Authorisation Data ....................................................................................................... 38
CMenu Integration .......................................................................................................................... 39
Credits............................................................................................................................................. 40
Requests & Bugs .............................................................................................................................. 40
Appendix A – Yii Demo Application User Model ............................................................................... 41
Appendix B – Minimal Schema for the User Table ............................................................................ 41
Page 3 of 41
Role Based Access Manager
Figures
Figure 1 - Default Configuration Values.............................................................................................. 9
Figure 2 - RBAM Home Page ............................................................................................................ 19
Figure 3 - RBAM Menu..................................................................................................................... 20
Figure 4 - RBAM's Button Icons ........................................................................................................ 21
Figure 5 - Page Help......................................................................................................................... 22
Figure 6 - Authorisation Items Overview .......................................................................................... 23
Figure 7 - Manage Authorisation Item ............................................................................................. 24
Figure 8 - Create Authorisation Item (Role) ...................................................................................... 28
Figure 9 - Users (User “test3” has one role) ..................................................................................... 29
Figure 10 - Role Assignment Dialog (Assigning the “Editor” role to the user “test3”) ........................ 30
Figure 11 - Roles Assigned to a User ................................................................................................ 31
Figure 12 - Users Assigned to a Role ................................................................................................ 32
Figure 13 - Drill-Down (showing two levels of drill-down) ................................................................ 33
Figure 14 - Drill-Up .......................................................................................................................... 34
Figure 15 - Confirm Re-initialise RBAC Authorisation Data Dialog ..................................................... 35
Figure 16 - Authorisation Data Array Format ................................................................................... 36
Figure 17 - Built-in Authorisation Data ............................................................................................. 37
Figure 18 - Generate Authorisation Data ......................................................................................... 38
Figure 19 – RbamModule->getMenuItem() Example ........................................................................ 39
Figure 20 - RbamModule->getMenuItems() Example ....................................................................... 39
Figure 21 – User Model Class for Yii Demo Application .................................................................... 41
Figure 22 – Minimal Schema for the User Table ............................................................................... 41
Page 4 of 41
Role Based Access Manager
Introduction
Role Based Access Manager (RBAM) is a Yii module that provides complete management of
Authorisation Data (Authorisation Items, Authorisation Hierarchy, and Authorisation Assignments)
for Yii’s Role Based Access Control system via a browser interface; it is intended for use in
development and end-user administration environments.
RBAM has an intuitive “Web 2.0” interface to easily manage Authorisation Items (Roles, Tasks, and
Operations), their hierarchy, and Authorisation Assignments. It presents all of an Authorisation
Item’s information in one place providing a comprehensive overview and complete management of
the item.
RBAM’s “Drill-down” and “Drill-up” features quickly show an item’s position in the Authorisation
Hierarchy, what permissions it inherits (Drill-down) and which Roles inherit its permissions (Drill-up).
RBAM is built on top of Yii’s CAuthManager component and supports both of Yii’s built-in
Authorisation Managers, CDbAuthManager and CPhpAuthManager, and authorisation managers
extended from them.
Features
 Complete management of Authorisation Data
o Manages Authorisation Items (Roles, Tasks, and Operations),
their business rules and data
o Manages Authorisation Item hierarchy
o Manages Authorisation Assignments, their business rules and data, and
assignment/revocation of Roles to/from users
 Drag & drop interface for Authorisation Hierarchy management
 Drill-down and drill-up
o Drill-down from an Authorisation Item to see what permissions it inherits
o Drill-up from an Authorisation Item to see which Roles inherit its permissions
 Filtering, paging, and sorting of Authorisation Items, Authorisation Assignments, and users
 Confirmation dialogs for all changes to Authorisation Data
 Integrated help
 Breadcrumb support
 Integrates with CDbAuthManager, CPhpAuthManager, and authorisation managers
extended from them
 Compound attribute and related model support for user names
 Internationalization (I18N)
 Initialisation of Authorisation Data using built-in or user-supplied data (can import
CPhpAuthManager data)
 Generate Authorisation Data based on the application’s modules, controllers, and actions
 CMenu integration
 Simple installation and configuration
Page 5 of 41
Role Based Access Manager
Requirements
 JavaScript enabled browser
 CDbAuthManager, CPhpAuthManager, or an authorisation manager component extended
from them
 A User model with an attribute that is the model’s primary-key and an attribute or attributes
that provide the names of users
Tip: To enable quick evaluation of RBAM, you can install RBAM in Yii’s “testdrive” demo
application and add a User model (see Appendix A for the code and Appendix B – Minimal
Schema for the User Table for the minimal schema RBAM requires).
Log in as “demo/demo” or “admin/admin”. The logged user will be assigned the “RBAC
Manager” role on initialising RBAM, but will not appear in the list of users as they are not
contained in the user model.
License
RBAM is free software. It is released under the terms of the following BSD License.
Copyright © 2010 by PBM Web Development
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
 Redistributions of source code must retain the above copyright notice, this list of conditions
and the following disclaimer.
 Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
 Neither the name of PBM Web Development nor the names of its contributors may be used
to endorse or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Page 6 of 41
Role Based Access Manager
Compatibility
Yii Chrome Firefox MSIE Opera Safari OS
Tested with 1.1.5 8.0 3.68 8.0 10.63 5.0 Windows 7
Should work with 1.x.x All 2.0+ 6.0+ 9.0+ 3.0+ All
Installation & Configuration
1. Download RBAM from http://www.yiiframework.com/extension/rbam/
2. Extract the module and place in the required folder. RBAM can be installed as a “top level”
module (i.e. under protected/modules) or a nested module (i.e. in the “modules” directory
of a parent module); RBAM can be nested at any depth.
Page 7 of 41
Role Based Access Manager
3. Edit your application configuration file (Yii’s default configuration file is
/protected/config/main.php) and add:
a. If a top level module
'modules'=>array(
'rbam'=>array(
// RBAM Configuration
),
),
b. If a nested module:
'parentModule'=>array(
// Parent Module Configuration
'modules'=>array(
'rbam'=>array(
// RBAM Configuration
),
),
),
4. RBAM Configuration consists of setting the required values of the module's public
properties.
Default Configuration Values
The default values are intended to allow RBAM to work “out of the box”; it is only necessary to
provide configuration values for those options where the default value does not meet the needs of
your application.
Page 8 of 41
Role Based Access Manager
'rbam'=>array(
'applicationLayout'=>'application.views.layouts.main',
'authAssignmentsManagerRole'=>' Auth Assignments Manager',
'authenticatedRole'=>'Authenticated',
'authItemsManagerRole'=>'Auth Items Manager',
'baseScriptUrl'=>null,
'baseUrl'=>null,
'cssFile'=>null,
'development'=>false,
'exclude'=>'rbam',
'guestRole'=>'Guest',
'initialise'=>null,
'layout'=>'rbam.views.layouts.main',
'juiCssFile'=>'jquery-ui.css',
'juiHide'=>'puff',
'juiScriptFile'=>'jquery-ui.min.js',
'juiScriptUrl'=>null,
'juiShow'=>'fade',
'juiTheme'=>base',
'juiThemeUrl'=>null,
'pageSize'=>10,
'rbacManagerRole'=>'RBAC Manager',
'relationshipsPageSize'=>5,
'showConfirmation'=>3000,
'showMenu'=>true,
'userClass'=>'User',
'userCriteria=>array(),
'userIdAttribute=>'id',
'userNameAttribute=>'username',
)
Figure 1 - Default Configuration Values
Note: If your application is “ended”, e.g. has front-end and back-end applications, you will
need to configure applicationLayout for RBAM to render correctly.
Note: RBAM itself is not “ended”.
Page 9 of 41
Role Based Access Manager
RBAM
Inheritance RbamModule » CWebModule » CModule » CComponent
Public Properties
See CWebModule for inherited properties.
Name Type Description
applicationLayout string Path alias to the application's layout file.
RBAM's content and layout are the content for this
layout file.
authAssignmentsManagerRole string Name of the role that grants permission to manage
user role assignments.
authenticatedRole string Name of the role that grants permissions to users that
are logged in.
authItemsManagerRole string Name of the role that grants permission to manage
authorisation items.
baseScriptUrl string The base script URL for all module resources (e.g.
JavaScript, CSS file, images).
baseUrl string The base URL used to access RBAM.
cssFile string The URL of the CSS file used by this module.
development boolean Set TRUE to enable development mode.
exclude mixed Modules to exclude when generating authorisation
data.
guestRole string Name of the role that grants permissions to users that
are not logged in.
initialise mixed Defines whether RBAM should initialise the RBAC
system and if so with what values.
juiCssFile string The JUI theme CSS file name.
juiHide string The effect used to hide JUI dialogs.
juiScriptFile string The main JUI JavaScript file.
juiScriptUrl string The root URL that contains all JUI JavaScript files.
juiShow string The effect used to show JUI dialogs.
juiTheme string The JUI theme name.
juiThemeUrl string The root URL that contains all JUI theme folders.
layout string Path alias to layout file.
pageSize integer The number of auth items displayed on a page.
rbacManagerRole string Name of the role that grants permission to manage
authorisation items and user role assignments.
Page 10 of 41
Role Based Access Manager
Name Type Description
relationshipsPageSize integer The number of auth items displayed in the relationship
areas of the Manage Item screen.
showConfirmation integer The number of milliseconds to display confirmation
dialogs.
showMenu boolean Whether to show the RBAM menu.
userClass string The class name of the user model.
userCriteria array The criteria applied in order to filter the list of users.
userIdAttribute string The name of the attribute that provides a unique id in
the user model.
userNameAttribute mixed Attribute(s) in the user or related models used to
display the user's name.
Public methods
See CWebModule for inherited methods.
Name Description
getMenuItem() Returns the module menu item.
getMenuItems() Returns the module menu items.
Page 11 of 41
Role Based Access Manager
Property Details
applicationLayout
public string $applicationLayout;
Path alias to the application's layout file.
RBAM's content and layout are the content for this layout file.
This will need configuring for "ended" applications, e.g. has front-end and back-end applications.
Defaults to ‘application.views.layouts.main’
authAssignmentsManagerRole
public string $authAssignmentsManagerRole;
Name of the role that grants permission to manage user role assignments.
Defaults to ‘Auth Assignments Manager’
authenticatedRole
public string $authenticatedRole;
Name of the role that grants permissions to users that are logged in. This will be added to
CAuthManager::defaultRoles.
Note: It is not necessary to declare this role in your AuthManager configuration.
Defaults to ‘Authenticated’
authItemsManagerRole
public string $authItemsManagerRole;
Name of the role that grants permission to manage authorisation items.
Defaults to ‘Auth Items Manager’
baseScriptUrl
public string $baseScriptUrl;
The base script URL for all module resources (e.g. JavaScript, CSS file, images).
If NULL (default) the integrated module resources (which are published as assets) are used.
Defaults to NULL
Page 12 of 41
Role Based Access Manager
baseUrl
public string $baseUrl;
The base URL used to access RBAM.
If NULL (default) the baseUrl is:
‘/parentModule1Id/…/parentModuleNId/rbam’.
Do not append any slash character to the URL.
Defaults to NULL
cssFile
public string $cssFile;
The URL of the CSS file used by this module.
If NULL (default) the integrated CSS file is used.
If === FALSE a CSS file must be explicitly included, e.g. in the layout.
Defaults to NULL
development
public boolean $development;
Set TRUE to enable development mode.
In development mode assets (e.g. JavaScript and CSS files) are published on each access and options
to initialise (if RbamModule::initialise is not empty) and generate authorisation data are shown.
Defaults to FALSE
exclude
public mixed $exclude;
Modules to exclude when generating authorisation data. Either an array or comma delimited string
of module ids.
Defaults to ‘rbam’
guestRole
public string $guestRole;
Name of the role that grants permissions to users that are not logged in. This will be added to
CAuthManager::defaultRoles.
Note: It is not necessary to declare this role in your AuthManager configuration.
Defaults to ‘Guest’
Page 13 of 41
Role Based Access Manager
initialise
public mixed $initialise;
Defines whether RBAM should initialise the RBAC system and if so, with what values.
WARNING: Initialising the RBAC system will clear existing authorisation data (auth items, auth
item children, and assignments).
String: the path to a file that returns an array that defines the authorisation data that RBAM will use
to initialise the RBAC system. The array format is that used by CPhpAuthManager, meaning that this
option can be used to import authorisation data if changing to CDbAuthManager; see below for the
array format.
Array: defines the authorisation data that RBAM will use to initialise the RBAC system. The array
format is that used by CPhpAuthManager; see below for the array format.
Boolean: If === TRUE RBAM will initialise the RBAC system with default auth items and auth item
children; the current user will be assigned the RBAC Manager role.
If empty (default) no initialisation is performed.
Defaults to NULL
juiCssFile
public string $juiCssFile;
The JUI theme CSS file name.
The file must exist under the URL specified by juiThemeUrl/juiTheme.
To include multiple theme CSS files (e.g. during development, to include individual plugin CSS files),
set this property as an array of the CSS file names.
If === FALSE a JUI CSS file must be explicitly included, e.g. in the layout.
Defaults to 'jquery-ui.css'
juiHide
public string $juiHide;
The effect used to hide JUI dialogs.
The following effects are available: blind, bounce, clip, drop, explode, fold, highlight, puff, pulsate,
scale, shake, size, and slide.
Set to empty string for no effect.
Defaults to ‘puff’
Page 14 of 41
Role Based Access Manager
juiScriptFile
public string $juiScriptFile;
The main JUI JavaScript file.
The file must exist under the URL specified by juiScriptUrl.
To include multiple script files (e.g. during development, to include individual plugin script files
rather than the minimized JUI script file), set this property as array of the script file names.
If === FALSE a JUI script file must be explicitly included, e.g. in the layout.
Defaults to 'jquery-ui.min.js'
juiScriptUrl
public string $juiScriptUrl;
The root URL that contains all JUI JavaScript files.
If NULL (default) the JUI package included with Yii is published and used to infer the root script URL.
You should set this property if you intend to use a JUI package whose version is different from the
one included in Yii.
There must be a file whose name is specified by juiScriptFile under this URL.
Do not append any slash character to the URL.
Defaults to NULL
juiShow
public string $juiShow;
The effect used to show JUI dialogs.
The following effects are available: blind, bounce, clip, drop, explode, fold, highlight, puff, pulsate,
scale, shake, size, and slide.
Set to empty string for no effect.
Defaults to ‘fade’
juiTheme
public string $juiTheme;
The JUI theme name.
There must be a directory whose name is the same as this property value (case-sensitive) under the
URL specified by juiThemeUrl.
Defaults to 'base'
Page 15 of 41
Role Based Access Manager
juiThemeUrl
public string $juiThemeUrl;
The root URL that contains all JUI theme folders.
If NULL (default) the JUI package included with Yii is published and used to infer the root theme URL.
You should set this property if you intend to use a theme that is not found in the JUI package
included in Yii.
There must be a directory (case-sensitive) whose name is specified by juiTheme under this URL.
Do not append any slash character to the URL.
Defaults to NULL
layout
public string $layout;
Path alias to layout file.
Defaults to ‘rbam.views.layouts.main’
pageSize
public integer $pageSize;
The number of auth items displayed on a page.
Defaults to 10
rbacManagerRole
public string $rbacManagerRole;
Name of the role that grants permission to manage authorisation items and user role assignments.
Defaults to ‘RBAC Manager’
relationshipsPageSize
public integer $relationshipsPageSize;
The number of auth items displayed in the relationship areas of the Manage Item screen. If empty
defaults to pageSize.
Defaults to 5
showConfirmation
public integer $showConfirmation;
The number of milliseconds to display confirmation dialogs.
Dialogs can be closed before this time by clicking the “OK” button.
Defaults to 3000 (3 seconds)
Page 16 of 41
Role Based Access Manager
showMenu
public boolean $showMenu;
Whether to show the RBAM menu. If true the RBAM module renders the RBAM menu. Set FALSE if
the menu is rendered by the application.
See getMenuItem()
Defaults to TRUE
userClass
public string $userClass;
The class name of the user model
Defaults to ‘User’
userCriteria
public array $userCriteria;
The criteria applied in order to filter the list of users.
CDbCriteria property values indexed by property name.
Defaults to array()
userIdAttribute
public string $userIdAttribute;
The name of the attribute that provides a unique id in the user model.
Defaults to ‘id’
Page 17 of 41
Role Based Access Manager
userNameAttribute
public mixed $userNameAttribute;
Attribute(s) in the user or related models used to display the user's name; compound attributes are
supported, e.g. the user's given and family names, e.g. "Angela Other".
String: if a single attribute, the name of the attribute.
If multiple attributes, a comma delimited list of the join string followed by attribute names. If a
comma is used in the join string escape it with a backslash, e.g. '\, ,given_name,family_name'
Array: the first element is the join string, subsequent elements are attribute names, e.g. array(',
','profile.given_name','profile.family_name')
If using compound elements you can specify which, if any, are to be rendered as initials only by
adding a comma delimited string or array as the final element. This has a similar format as above;
the first element is rendered after an initial and the following elements are the attributes to be
rendered as initials, e.g. array(', ','profile.family_name','profile.given_name',
array('.','profile.given_name')) will render as "Other, A."
NOTE: if using a comma delimited string within a comma delimited string, the delimiting commas in
the internal string must be escaped. If you wish to use a comma as the character after initials it
must be escaped with a backslash, not forgetting to escape the backslash if using a string in a string,
i.e. '\\\,'.
The following are valid and equivalent:
 array(', ','family_name','given_name', array('.','given_name'))
 array(', ','family_name','given_name', '.,given_name')
 '\, ,given_name,family_name,.\,given_name'
Defaults to ‘username’
Method Details
getMenuItem()
public array getMenuItem(array $item=array())
$item array The menu item. Merged recursively with the defaults.
Returns the module menu item, including sub-items.
This method should be used if adding RBAM as an item in a CMenu with other items.
getMenuItems()
public array getMenuItems(array $items=array())
$item array Menu items. Merged recursively with the defaults.
Returns the module menu items and sub-items.
This method should be used if the RBAM menu is "stand-alone".
Page 18 of 41
Role Based Access Manager
Using RBAM
RBAM has two main functions:
 Management of Authorisation Items
 Management of Authorisation Assignments
In addition RBAM can:
 Initialise RBAC authorisation data using built-in or user supplied authorisation data
 Generate authorisation data based on your application’s modules, controllers, and actions
Note: Management of Authorisation Items and Generation of Authorisation Data require
authItemsManager permission, Management of Authorisation Assignments requires
authAssignmentsManager permission, Initialisation of RBAC authorisation data required either
that none currently exists or rbacManagr permission.
Access RBAM at: http://your.domain/index.php?r=[parent module/]*rbam
Unless you are initialising the RBAC system, you will see the RBAM home page.
Figure 2 - RBAM Home Page
Note: The menu options and tasks available depend on what permissions you have and
whether RBAM is in development mode.
Page 19 of 41
Role Based Access Manager
Menu
RBAM can render a menu (showMenu==TRUE) or you can integrate the RBAM menu into your
application's menu using the module's getMenuItem()or getMenuItems() methods. The
following assumes that RBAM is rendering the menu; the details of the menu items are the same for
both cases.
At the top of each page is RBAM’s main menu.
RBAM Menu
Figure 3 - RBAM Menu
The menu has up to four items:
 Auth Assignments – only visible if you have Auth Assignments Manager permission
 Auth Items – only visible if you have Auth Items Manager permission
o Create Role
o Create Task
o Create Operation
 Generate Auth Data – only visible if you have Auth items Manager permission and RBAM is
in development mode
 Re-Initialise RBAC – only visible if you have RBAC Manager permission and RBAM is in
development mode
Page 20 of 41
Role Based Access Manager
Button Icons
These are the icons used on buttons in RBAM
Icon Meaning Description
At the top right of each page in RBAM. Show help for
Help
the page
Add Authorisation Item Add a new Authorisation Item to the RBAC system
Manage Authorisation Item Update the item and/or its relationships
Delete Authorisation Item Permanently remove the item from the RBAC system
Add a new Authorisation Assignment to the RBAC
Add Authorisation Assignment system, granting the user permissions of the role
subject to the assignment’s business rule and data
Update Authorisation Assignment Edit the business rule and/or data for the assignment
Remove the assignment from the RBAC system,
Revoke Authorisation Assignment
removing the permissions of the role from the user
View Role Show users with the role assigned
View user Show the roles that the user has assigned
Figure 4 - RBAM's Button Icons
Page 21 of 41
Role Based Access Manager
Integrated Help
RBAM has help for every page (except the initialisation page). The “Help” icon is at the top right of
each page; click to open the help for that page.
Help icon
Figure 5 - Page Help
Authorisation Items
There are three views that allow you to manage authorisation items:
 Authorisation Items Ove


Use: 0.0451