
What is RBAC?

From Wikipedia:

"In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees,[3] and can implement mandatory access control (MAC) or discretionary access control (DAC). RBAC is sometimes referred to as role-based security."


The primary goals for this RFC are:

  • Implement role-based access control as an alternative to access control lists (Zend\Permission\Acl).
  • Utilize PHP 5.3 SPL data structures (RecursiveIterator and RecursiveIteratorIterator).


The requirements are as follows:

  • Many-to-many relationship between identities and roles.
  • Many-to-many relationship between roles and permissions.
  • A role can have a parent (inheritance must be supported).
  • Dynamic assertions must be supported.

Given the requirements, RBAC is a perfect fit for a composite pattern combined with SPL RecursiveIterator.

Class skeletons


Setting up roles and permissions


Dynamic assertions

Dynamic assertions can be provided via an AssertionInterface (Zend\Permission\Rbac\AssertionInterface) or by simply passing a closure. For example,
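
The requirements listed earlier (a role hierarchy walked with SPL RecursiveIterator, many-to-many roles and permissions, a closure as dynamic assertion) in one runnable sketch. This is an added example, not the RFC's or Zend\Permission\Rbac's own code: the `Role` class and `isGranted()` function are hypothetical names, it targets PHP 8, and it assumes a parent role inherits the permissions of its child roles.

```php
<?php
// Added sketch for PHP 8+; Role and isGranted() are hypothetical names, not the RFC's API.
final class Role implements RecursiveIterator
{
    private array $children = [];    // composite: roles whose permissions this role inherits
    private array $permissions = []; // permission name => true
    private int $i = 0;
    public function __construct(public string $name) {}
    public function allow(string $p): self { $this->permissions[$p] = true; return $this; }
    public function addChild(Role $r): self { $this->children[] = $r; return $this; }

    // True if this role or any descendant was granted $p. Assumes an acyclic hierarchy.
    public function hasPermission(string $p): bool
    {
        if (isset($this->permissions[$p])) { return true; }
        foreach (new RecursiveIteratorIterator($this, RecursiveIteratorIterator::SELF_FIRST) as $role) {
            if (isset($role->permissions[$p])) { return true; }
        }
        return false;
    }

    // RecursiveIterator over the child roles.
    public function current(): mixed { return $this->children[$this->i]; }
    public function key(): mixed { return $this->i; }
    public function next(): void { $this->i++; }
    public function rewind(): void { $this->i = 0; }
    public function valid(): bool { return isset($this->children[$this->i]); }
    public function hasChildren(): bool { return $this->valid() && $this->current()->children !== []; }
    public function getChildren(): ?RecursiveIterator { return $this->current(); }
}

// Deny by default: a role must hold the permission AND the optional assertion must return true.
function isGranted(array $roles, string $permission, ?callable $assert = null): bool
{
    foreach ($roles as $role) {
        if ($role->hasPermission($permission)) { return $assert === null || $assert() === true; }
    }
    return false;
}

// Constructed sample data: admin > editor > member.
$member = (new Role('member'))->allow('article.read');
$editor = (new Role('editor'))->allow('article.edit')->addChild($member);
$admin  = (new Role('admin'))->allow('user.ban')->addChild($editor);
[$ownerId, $userId] = [7, 9];
$ownsArticle = fn (): bool => $ownerId === $userId; // dynamic assertion as a closure
var_dump(isGranted([$admin], 'article.read'));                // permission reached via editor -> member
var_dump(isGranted([$member], 'article.edit'));               // member was never given this permission
var_dump(isGranted([$editor], 'article.edit', $ownsArticle)); // role holds it; the assertion decides
```

The assertion is evaluated only after a role match, so a closure can never widen access beyond what the role hierarchy grants; it can only narrow it.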


Working example

The SpiffySecurity module currently implements the Rbac code and can be found at
