Authorization models
- Reference
ACL
  - A Subject can perform an Action on an Object
  - Example
    - [subject: alice] can [action: create] to [object: article]
Role-Based Access Control
  - A Subject holds a Role, and the Role holds Permissions (an Action on an Object)
  - Example
    - [role: manager] can [create:article, create:member]
    - [subject: bob] has [role: manager]
Attribute-Based Access Control
  - Rule-based (decided from user attributes, environment, and so on)
  - A Subject who is xxx can perform an Action on an Object which is xxx in an Environment that is xxx
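The three models side by side, as an added example (not part of the original notes): an ACL is a set of (subject, action, object) triples, RBAC inserts a role between subject and permission, and ABAC evaluates rules over attributes of the subject, the object and the environment. The names alice, bob, carol, "manager", "editorial" and the business-hours rule are constructed for illustration.

```python
# Added example: minimal evaluators for ACL, RBAC and ABAC.
# All data below is constructed sample data, not taken from any real system.

# ---- ACL: permissions are stored directly against the subject ----
ACL = {
    ("alice", "create", "article"),
}

def acl_allows(subject, action, obj):
    """Allow only if the exact (subject, action, object) triple is listed."""
    return (subject, action, obj) in ACL


# ---- RBAC: the subject holds roles; the role holds (action, object) permissions ----
ROLE_PERMISSIONS = {
    "manager": {("create", "article"), ("create", "member")},
}
SUBJECT_ROLES = {
    "bob": {"manager"},
}

def rbac_allows(subject, action, obj):
    """Allow if any role held by the subject grants (action, object)."""
    return any(
        (action, obj) in ROLE_PERMISSIONS.get(role, set())
        for role in SUBJECT_ROLES.get(subject, set())
    )


# ---- ABAC: rules over subject attributes, object attributes and environment ----
def editorial_can_publish_own_article(subject, action, obj, env):
    """Constructed rule: editorial staff may publish their own articles
    during business hours (09:00-17:59)."""
    return (
        subject.get("department") == "editorial"
        and action == "publish"
        and obj.get("type") == "article"
        and obj.get("owner") == subject.get("id")
        and 9 <= env.get("hour", -1) < 18
    )

ABAC_RULES = [editorial_can_publish_own_article]

def abac_allows(subject, action, obj, env):
    """Allow if any rule matches; there is no per-subject or per-role list."""
    return any(rule(subject, action, obj, env) for rule in ABAC_RULES)


if __name__ == "__main__":
    carol = {"id": "carol", "department": "editorial"}
    draft = {"type": "article", "owner": "carol"}
    print("ACL  :", acl_allows("alice", "create", "article"))
    print("RBAC :", rbac_allows("bob", "create", "member"))
    print("ABAC :", abac_allows(carol, "publish", draft, {"hour": 10}))
```

Note what changes when a new employee joins: the ACL needs a new row per object, RBAC needs one role assignment, and ABAC needs nothing if the attributes are already populated; that is the trade-off the three models represent.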
AWS
  RBAC
  ABAC
    - Resource-based policies
      - The policy is attached to the resource rather than to the IAM entity (the principal)
      - Convenient for cross-account access
      - https://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
    - ABAC using tags
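Tag-based ABAC in practice, as an added example (not part of the original notes and not AWS's own evaluation engine): the policy below is a constructed IAM-style document whose `Condition` compares the resource's `team` tag with the principal's `team` tag through the policy variable `${aws:PrincipalTag/team}`. The small evaluator simulates only the parts of IAM needed to show the idea (implicit deny, explicit deny wins, `StringEquals`, wildcard matching on Action and Resource); the tag values and the principal/resource pairs are constructed.

```python
# Added example: simplified simulation of tag-based ABAC with an IAM-style policy.
# This is NOT the real IAM evaluator; it supports just enough to demonstrate tag matching.
import re
from fnmatch import fnmatchcase

# Constructed policy: read/write S3 objects only when the resource's "team" tag
# equals the principal's own "team" tag.
TAG_ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}
            },
        }
    ],
}

_POLICY_VAR = re.compile(r"\$\{([^}]+)\}")


def build_context(principal_tags, resource_tags):
    """Flatten principal and resource tags into IAM-style condition keys."""
    ctx = {f"aws:PrincipalTag/{k}": v for k, v in principal_tags.items()}
    ctx.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    return ctx


def _substitute(value, ctx):
    """Expand ${key} policy variables. An unset variable makes the value
    unresolvable (None) so the comparison fails instead of matching ''."""
    missing = []

    def repl(m):
        if m.group(1) not in ctx:
            missing.append(m.group(1))
        return ctx.get(m.group(1), "")

    expanded = _POLICY_VAR.sub(repl, value)
    return None if missing else expanded


def _as_list(x):
    return x if isinstance(x, list) else [x]


def condition_matches(condition, ctx):
    """Every key under every operator must match (only StringEquals supported)."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator not simulated: {operator}")
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:  # missing tag on the resource: condition fails
                return False
            allowed = [_substitute(v, ctx) for v in _as_list(expected)]
            if actual not in allowed:
                return False
    return True


def evaluate(policy, action, resource, ctx):
    """Return 'Allow' or 'Deny'. Starts from implicit deny; an explicit
    Deny statement overrides any Allow, as in IAM."""
    decision = "Deny"
    for st in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not condition_matches(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"  # constructed ARN
    same_team = build_context({"team": "payments"}, {"team": "payments"})
    other_team = build_context({"team": "hr"}, {"team": "payments"})
    print(evaluate(TAG_ABAC_POLICY, "s3:GetObject", obj, same_team))   # Allow
    print(evaluate(TAG_ABAC_POLICY, "s3:GetObject", obj, other_team))  # Deny
```

The cases worth checking are the ones that bite in production: a resource with no `team` tag and a principal with no `team` tag both resolve to Deny here, so untagged resources fall outside the policy instead of silently matching everyone. Because the access decision now rests on tags, who is allowed to set or change `team` tags on principals and resources becomes part of the authorization boundary and deserves its own restrictions.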