[Deploying Sakai] [Building Sakai] Sakai role system 101

Kurosch Petzold kurosch.petzold at fu-berlin.de
Thu May 15 13:57:33 PDT 2014


thanks for your reply. That link was really helpful, though I knew most of
it already.

Please bear with me as there are some stupid understanding issues included.

So my questions are:
[] First of all there are four models of RBAC in general (Core, Hierarchy,
Constraint and Consolidate). Sakais model uses something similar to the
core model right?

[] RBAC96 hierarchy model (I mean hierarchy part) may be simulated to some
extend with syncs between !site.template.course with course sites (updates
can be inherited through sync) or through the !site.helper realm

[] Is it possible to have admin roles with different permissions? Have an
admin without "become user" capability or limited permissions in something
like worksite setup -> can only create project sites or site and realm
browser with view only functionality? if not is it planned?

[] Could you elaborate on the groups part? What are they used for, can the
group.* realms override permissions from site.* realms?

[] Just out of curiosity who developed that model?

Kurosch Petzold

> It is custom.  Steve wrote up a good page here:
> http://steveswinsburg.wordpress.com/2009/05/30/roles-in-sakai-sites/
> Sites have realms; realms contain roles; roles contain permissions.
> Sites also contain groups; groups have their own realm; realms contain
> roles; roles contain permissions.
> What specific questions do you have about Sakai's role-based access
> control?
> On Tue, May 13, 2014 at 12:55 PM, Kurosch Petzold <
> kurosch.petzold at fu-berlin.de> wrote:
>> Hello,
>> is there any detailed documentation available for the role system used
>> in
>> Sakai. I know it is Role-Based Access Control (RBAC) but there is hardly
>> any information about any specifics how it is implemented or whether it
>> uses RBAC96, NIST model, another model or a custom model.
>> I would really appreciate any help as I need to document how the
>> complete
>> role system works for my thesis and it would help us expand our IT
>> proceedings documentation.
>> Best regards,
>> Kurosch
>> _______________________________________________
>> production mailing list
>> production at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/production
>> TO UNSUBSCRIBE: send email to
>> production-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"

More information about the production mailing list