
Let's say there are resources like files. Who, when and where has access to an individual file is not a problem. Assume that there is a resource like a directory which has its own attributes and contains other files, directories and/or some other items. Now there is a user who has access to a directory but does not have access (even to see the name/title) to some of the files or sub-directories.

How do I filter the directory to contain only the files which a user may access, if the policy decision is separated from the business logic? Should I check each file individually?

If yes, then if the directory contains 10M files and the user has access only to a couple of files, how do I identify those files?


1 Answer


First, you have to determine what the resource is: a folder or a file? An abstract file (meaning both folders and files)? Can you view a file if and only if you can view its ancestors? In other words, is there a hierarchy?

Leaving those questions aside, when it comes to access control over large amounts of data, there are two approaches you can take:

  1. Create an authorization request for multiple items using the Multiple Decision Profile. A Multiple Decision Profile (MDP) request looks like: Can Alice view files A and B and C and ... Z? The PDP will make as many decisions as there are items in the original question. MDP works well for thousands of items or fewer.
  2. If you have a large or unknown number of items, you can run the reverse process called a reverse query (ARQ): instead of asking a yes/no question, you ask an open-ended question such as "Tell me which files Alice can view". The PDP will respond with a filter expression, e.g. Permit if docStatus==draft AND docDept=Sales. You then have the PEP translate that filter into an appropriate one, e.g. a file filter.

answered 2015-02-11T12:10:29.027
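The two approaches in the answer above, as an added illustration that is not part of the original answer and not the code of any real PDP: a toy attribute-based policy evaluated once per item (the MDP style, cost linear in the number of files) and once as a reverse query that returns attribute filters the PEP applies to the file store (the ARQ style, cost independent of how many files the PDP has to consider). The policy, the directory contents, the users and all function names are constructed for this example; real XACML MDP and reverse-query requests are XML or JSON documents sent to a PDP, which this Python sketch only mimics.

```python
# Added example (hypothetical names, constructed data), not from the answer.
# A minimal attribute-based PDP exposing two interfaces:
#   - mdp_decide:    one request, many resources, one decision each (MDP style)
#   - reverse_query: "which resources may this subject view?" -> filters (ARQ style)
# The policy holds only Permit rules with deny-by-default, so a per-item
# decision and the reverse query are guaranteed to agree. A policy with
# Deny rules would additionally need negated filter terms in the ARQ result.
from typing import Dict, List

Attrs = Dict[str, str]

# Each rule: constraints on the subject and constraints on the resource.
# Rule 1: sales staff may view draft sales documents.
# Rule 2: anyone may view public documents.
POLICY: List[Dict[str, Attrs]] = [
    {"subject": {"dept": "Sales"},
     "resource": {"docStatus": "draft", "docDept": "Sales"}},
    {"subject": {},
     "resource": {"classification": "public"}},
]


def _matches(constraints: Attrs, attrs: Attrs) -> bool:
    """Every constraint key must be present with the same value."""
    return all(attrs.get(k) == v for k, v in constraints.items())


def decide(subject: Attrs, resource: Attrs) -> str:
    """Classic yes/no decision for one resource: 'Permit' or 'Deny'."""
    for rule in POLICY:
        if _matches(rule["subject"], subject) and _matches(rule["resource"], resource):
            return "Permit"
    return "Deny"


def mdp_decide(subject: Attrs, resources: Dict[str, Attrs]) -> Dict[str, str]:
    """MDP style: the PDP evaluates every listed resource and returns one
    decision per item. The PEP must send the attributes of every file, so
    this is only practical for thousands of items, not millions."""
    return {rid: decide(subject, attrs) for rid, attrs in resources.items()}


def reverse_query(subject: Attrs) -> List[Attrs]:
    """ARQ style: partially evaluate the policy against the subject only and
    return the resource constraints of every rule that could still permit,
    i.e. a disjunction of attribute filters ("docStatus==draft AND
    docDept==Sales" OR "classification==public")."""
    return [dict(rule["resource"]) for rule in POLICY
            if _matches(rule["subject"], subject)]


def pep_filter(filters: List[Attrs], resources: Dict[str, Attrs]) -> List[str]:
    """The PEP turns the PDP's filter into a query over its own store.
    Here that is a scan of an in-memory dict; against a real store it would
    become a WHERE clause or an index lookup, so the PDP never sees the files."""
    return sorted(rid for rid, attrs in resources.items()
                  if any(_matches(f, attrs) for f in filters))


# Constructed sample directory: file name -> resource attributes.
DIRECTORY: Dict[str, Attrs] = {
    "q1-forecast.docx": {"docStatus": "draft", "docDept": "Sales", "classification": "internal"},
    "pricelist.pdf":    {"docStatus": "final", "docDept": "Sales", "classification": "public"},
    "payroll.xlsx":     {"docStatus": "draft", "docDept": "HR",    "classification": "confidential"},
    "handbook.pdf":     {"docStatus": "final", "docDept": "HR",    "classification": "public"},
}

ALICE: Attrs = {"id": "alice", "dept": "Sales"}
BOB: Attrs = {"id": "bob", "dept": "HR"}


def visible_listing(subject: Attrs, directory: Dict[str, Attrs]) -> List[str]:
    """What the user sees when listing the directory: ARQ filter applied by the PEP."""
    return pep_filter(reverse_query(subject), directory)


if __name__ == "__main__":
    print("MDP decisions for alice:", mdp_decide(ALICE, DIRECTORY))
    print("ARQ filters for alice:  ", reverse_query(ALICE))
    print("alice sees:", visible_listing(ALICE, DIRECTORY))
    print("bob sees:  ", visible_listing(BOB, DIRECTORY))
```

The point of the second path is that the filter the PDP returns is a function of the subject and the policy only, so the PEP can push it down to whatever holds the 10M files instead of fetching and checking each one; the listing the user gets is exactly the set of files for which a per-item decision would have been Permit.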