[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] RBACPP requirement question

From: Casey Schaufler <casey schaufler-ca com>
To: Klaus Weidner <klaus atsec com>, Linda Knippers <linda knippers hp com>
Cc: lspp-list <redhat-lspp redhat com>, Irina Boverman <iboverma redhat com>
Subject: Re: [redhat-lspp] RBACPP requirement question
Date: Wed, 14 Jun 2006 12:01:16 -0700 (PDT)

--- Klaus Weidner <klaus atsec com> wrote:

> Please comment if you have opinions about handling
> roles, especially from
> an end user point of view.

Roles work best when they associate a specific
set of actions with a specific set of information.
This is why the auditadm role is a good idea
and the secadm role is a poor one. The Type
Enforcement mechanism of SELinux implements
this sort of association. Just for grins, let
me suggest that y'all look into deriving role
definitions from relationships defined in
the system policy. If nothing else, this should
prove a valuable cross-check on the
appropriateness of the policies.

Casey Schaufler
casey schaufler-ca com

References:
- Re: [redhat-lspp] RBACPP requirement question
  - From: Klaus Weidner

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]