Re: [xacml-users] Requesting an example of hierarchical roles inXACML

[Ludwig Seitz <ludwig@axiomatics.com>]

On Wed, 2009-12-02 at 16:22 -0600, Loren Cahlander wrote:
> Hello,
> 
> 
> My name is Loren Cahlander.  I am active in the eXist-db Open Source
> Native XML Database (http://exist-db.org) community and am in the
> process of implementing role-based access control within eXist.  I
> need some help.
> 
> 
> Does anyone out there have an example of a Policy or PolicySet that
> defines hierarchical roles?  Something like:
> 
> 
> Hospital Staff
> |
> + Medical Personnel
> | |
> | + Physician
> | |
> | + Lab Tech
> | |
> | + Nurse
> |
> |
> |
> 

As far as I understand the RBAC profile you should do this:

PolicySet Main
	PolicyReference Hospital Staff
	PolicyReference Medical Personnel
	PolicyReference Physician
	PolicyReference Lab Tech
 	PolicyReference Nurse
PolicySet Hospital Staff
	Target role == Hospital Staff
	PolicyReference Hospital Staff permissions
PolicySet Medical Personnel
 	Target role == Medical Personnel
	PolicyReference Medical Personnel permissions
PolicySet Physician
	Target role == Physician
	PolicyReference Physician permissions
PolicySet Lab Tech
	Target role == Lab Tech
	PolicyReference Lab Tech permissions
PolicySet Nurse
	Target role == Nurse
	PolicyReference Nurse permissions
PolicySet Hospital Staff permissions
	.
	.
	.
PolicySet Medcial Personnel permissions
	PolicyReference Hospital Staff permissions
	.
	.
	.
PolicySet Physician permissions
	PolicyReference Medical Personnel permissions
	.
	.
	.
PolicySet Lab Tech permissions
	PolicyReference Medical Personnel permissions
	.
	.
	.
PolicySet Nurse
	PolicyReference Medical Personnel permissions
	.
	.
	.


Hope it helps.

Regards,

Ludwig Seitz

-- 
Ludwig Seitz, PhD             |   Axiomatics AB
Training & Development        |   Electrum 223
Phone: +46 (0)760 44 22 91    |   S-164 40 Kista, Sweden
Mail: ludwig@axiomatics.com   |

This is a digitally signed message part