What is the difference between ACL and user roles in Symfony2

Tags:

php

symfony

I am new to Symfony2 and I am confused by the terms and what the use case is for these. Can anyone please explain what the difference is between

  1. ACL
  2. Roles
  3. Groups
user196264097 asked Jan 13 '12 09:01



1 Answer

Let's take the most basic example: a Blog application (again).

When building a blog application, you often need to authenticate users and authorize them to do specific actions, like:

  • authorize Bob to add a new contributor to the blog
  • authorize Alice to create a new blog post
  • authorize Alice to edit her own blog post
  • authorize Bob to delete Alice's blog post

What is a Role

A role represents a set of permissions, hard-coded in your application. When checking if a user is allowed to add a new contributor to the blog, your code checks if the current user has the Role "ROLE_ADMIN".

That's why Bob (he has the ROLE_ADMIN) is allowed to add Alice as a new Contributor. See Symfony documentation on Security/Roles.

What is a Group

When a user belongs to a group, she's usually entitled a set of Roles. Alice belongs to the group "Contributors", so she has the Roles ROLE_STATS (she's allowed to see the blog stats) and ROLE_POST (she's allowed to post a new blog entry).

Again, this concept is not hard-coded in Symfony, but developers usually think of it that way. See this bit on managing Roles in a database with Groups.

ACLs

Access Control Lists come in handy when you need to take an authorization decision based on a Role + a domain object.

Alice is allowed to edit blog entries written by her only. To check this authorization, you need Alice's Roles and the Post model she's trying to edit. Symfony's documentation on ACLs is also pretty clear about that.

Oh, and Bob is allowed to edit all blog entries because he has the ROLE_ADMIN. The decision here is only based on a Role.

Brian Clozel answered Oct 16 '22 16:10
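As an added illustration (not part of the answer above and not Symfony's own code), here is the same blog rule set written as a Symfony security Voter, which is the "Role + domain object" decision the ACL section describes, implemented in plain PHP rather than through the ACL component. It assumes Symfony 6 or later, a hypothetical `App\Entity\Post` with a `getAuthor()` method, and `App\Entity\User` as the user class.

```php
<?php
// Added example: a Voter encoding the blog authorization rules from the answer.
// Assumed (hypothetical) entities: App\Entity\Post with getAuthor(), App\Entity\User.

namespace App\Security;

use App\Entity\Post;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class PostVoter extends Voter
{
    public const EDIT = 'POST_EDIT';
    public const DELETE = 'POST_DELETE';

    // Only vote when the subject is a Post and the attribute is one we know;
    // for anything else the voter abstains and other voters decide.
    protected function supports(string $attribute, mixed $subject): bool
    {
        return in_array($attribute, [self::EDIT, self::DELETE], true)
            && $subject instanceof Post;
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof User) {
            return false; // anonymous request: deny
        }

        /** @var Post $post */
        $post = $subject;

        // Pure Role decision: ROLE_ADMIN (Bob) may edit or delete any post.
        if (in_array('ROLE_ADMIN', $token->getRoleNames(), true)) {
            return true;
        }

        // Role + domain object decision: the author (Alice) may edit her own
        // post only; deleting other people's posts stays reserved to admins.
        return $attribute === self::EDIT && $post->getAuthor() === $user;
    }
}

// In a controller: $this->denyAccessUnlessGranted(PostVoter::EDIT, $post);
```

Registering the class as a service is enough for Symfony's autoconfiguration to tag it as a voter; the `isGranted()` / `denyAccessUnlessGranted()` calls then consult it with the Post as the subject.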