Permission Model (RBAC/ABAC)

I recently studied permission models. After reading about AWS IAM, I deeply feel that AWS IAM is exquisitely designed. In my personal opinion, RBAC is not enough for some scenarios, mainly because its control granularity is not fine enough. For example, if I want to restrict a role so that it can only operate on the resources of a certain cluster, RBAC cannot express that. ABAC can express it, but ABAC is much more complicated. AWS IAM is ABAC, but it is very easy to use. Another way is to heavily modify RBAC by adding a condition that reduces permissions, so as to achieve fine-grained control…
This article is reprinted from https://jiajunhuang.com/articles/2022_07_15-access_control.md.html
This site is for inclusion only, and the copyright belongs to the original author.
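
The cluster restriction described in the article, as an added example that is not part of the original text: RBAC role bindings carry an optional condition that can only narrow what the role already grants. The role names, actions and the `cluster` attribute are hypothetical.

```python
# Added example: RBAC bindings narrowed by an attribute condition.
# Roles, actions and the "cluster" attribute are hypothetical names.
from dataclasses import dataclass, field

# Plain RBAC part: role -> set of permitted actions.
ROLE_PERMISSIONS = {
    "operator": {"node:read", "node:restart"},
    "viewer": {"node:read"},
}

@dataclass
class Binding:
    user: str
    role: str
    # attribute name -> allowed values; empty means no narrowing (plain RBAC)
    condition: dict = field(default_factory=dict)

def condition_matches(condition, resource):
    # Every attribute in the condition must be present on the resource and
    # carry an allowed value. A missing attribute fails closed.
    return all(
        key in resource and resource[key] in allowed
        for key, allowed in condition.items()
    )

def is_allowed(bindings, user, action, resource):
    for b in bindings:
        if b.user != user:
            continue
        # The role decides which actions exist at all; the condition can
        # only take permissions away, never add an action the role lacks.
        if action not in ROLE_PERMISSIONS.get(b.role, set()):
            continue
        if condition_matches(b.condition, resource):
            return True
    return False  # default deny

# Constructed sample data: same role, different scope.
BINDINGS = [
    Binding("alice", "operator"),                            # any cluster
    Binding("bob", "operator", {"cluster": {"prod-east"}}),  # one cluster only
]

if __name__ == "__main__":
    node = {"type": "node", "cluster": "staging"}
    print(is_allowed(BINDINGS, "alice", "node:restart", node))  # unrestricted binding
    print(is_allowed(BINDINGS, "bob", "node:restart", node))    # outside bob's cluster
```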