Access control List(ACL) in CakePHP

An Access control list or ACL is used to make access control for each of the logins and handle security of the app.

For example, ACL handles menu level permission access and function or module level access permission. When a subject requests an operation on an object in an ACL-based security model the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system’s hierarchy.
ACL basically handles 2 things:

ARO(Access Request Object):

Aros are of usergroups and users. Each of the users are mapped to aros to know the group he belongs to.

ACO(Access Control Object):

Aros are of menus and modules. Where every usergroup will have permissions to access each of these menus and modules.

Essentially, ACL is what is used to decide when an ARO can have access to an ACO.

In order to help you understand how everything works together, let’s use a semi-practical example. Imagine, for a moment, a computer system used by a familiar group of fantasy novel adventurers from the Lord of the Rings. The leader of the group, Gandalf, wants to manage the party’s assets while maintaining a healthy amount of privacy and security for the other members of the party. The first thing he needs to do is create a list of the AROs involved:
  • Gandalf
  • Aragorn
  • Bilbo
  • Frodo
  • Gollum
  • Legolas
  • Gimli
  • Pippin
The next thing Gandalf needs to do is make an initial list of things, or ACOs, the system will handle. His list might look something like:
  • Weapons
  • The One Ring
  • Salted Pork
  • Diplomacy
  • Ale
Read more…

Source: InstaCarma

Comments

Post a Comment

Popular posts from this blog

DevOps Basics You Should Know Before Adopting Services

Before you consider   D evOps service   for your organization to embrace this new approach, it is critical for you to develop at least a basic understanding of what all it takes for the holistic implementation of devOps for your organization. Just like agile, the adoption of devOps also involves embracing a set of practices that result from an organizational attitude, philosophy and culture. This is the reason why adopting devOps can be a bit misleading since the organizations are likely to undertake a few of the devOps related activities according to their understanding of it, and thereby, start believing that they have implemented it successfully – regardless of whether these activities define devOps or not. By this, we mean to say that more than being just a set of activities, devOps is a cultural change that an organization needs to make, for embracing it wholeheartedly. So, exactly what all does the devOps culture comprise of? To get there, we need to understand what m...
Read more

Quality 24/7 Outsourcing Technical Support

Image
The market is abound with web hosting service providers who claim to offer 24*7 outsourcing technical support for your web hosting business. Amidst the multiple technical support providers of seemingly similar offerings and promises of high service quality, you are bound to use your judgment to decide which would be the best one to meet your business needs and adequately address to the needs of your clientèle as well. And then, at the end of the day, does ‘availing a 24*7 support provider’ necessarily translate into getting to on-board the support staff for ‘instant and anytime availability’? Not always! So, what all are the challenges that you might encounter on your way to realistically finding a services provider that just about fits the bill for your business needs? We have compiled a list of all such challenges that you must be aware of, well in advance, to help you compare and make an informed decision with ease. 1. Round-the-clock support usually transla...
Read more

Outsourcing Your IT Support Is The Best Decision For Your Business

Outsourcing has always been a strategic move by companies for streamlining the business processes and reducing capital and overhead costs. But in the last decade, outsourcing has seen a great rise in the technical support area and is expected to grow by another 6 percent in the next two years. This rise in  technical support outsourcing  can be attributed to the bloom and growth of the digital era. More organizations are making high-standard IT and infrastructure their competitive edge and riding on the efficiency and cost-reducing benefits of outsourcing to pull ahead of the crowd. For every company, the factors involved in outsourcing a project is different. These should be assessed and understood at the company level with a professional & credible IT support provider. The benefits of outsourcing IT, however, are more or less the same. We spoke to a few entrepreneurs and senior project managers who chose to outsource their managed IT needs and given below are the...
Read more