User Guide: Features

This page gives a quick overview of the currently implemented and missing features that could be expressed with a Permis authorization policy.

Features

| Name | Description | PDP | Editor |
|---|---|---|---|
| Resources | A resource is what should be protected by authorization. | | |
| Actions | An action is what a subject wants to execute on a resource, including a list of parameter types. | | |
| Targets | A target combines a resource or a set of resources to be protected with a set of actions that are possible on these resources. | | |
| Resource Domains | A resource domain combines a set of resources. | | |
| Subject Domains | A subject domain combines a set of subjects. | | |
| Roles (RBAC 0) | A role assigns the holder a set of authorized privileges. | | |
| Role Hierarchies (RBAC 1) | A superior role gets all privileges of a subordinate role. | | |
| Target Access Rules | A target access rule defines a set of roles that are allowed to access a target. | | |
| Conditions for Target Access Rules | Conditions are additional constraints that must be true for a target access rule, e.g. access is only granted between 9am and 11am. | | |
| Role Assignment Rules | A role assignment rule defines which subjects are allowed to assign which roles, and whether a subject can delegate an assigned role. | | |
| Obligations | An obligation is an operation specified in a policy that should be performed by the PEP (Policy Enforcement Point) in conjunction with the enforcement of an authorization decision. | | |
| Static Separation of Duties (SoD) | Define mutually exclusive roles. | | |
| Dynamic Separation of Duties (DSoD) | Define mutually exclusive roles in the context of a dynamic session. | | |