|
|
|
The "entity" may be a set of entities referred to by a single identifier. The members of the set must be distinguishable, but the set may have an identity separate from any of its elements.
Principals often need to share access to files. Most systems allow principals to be grouped into sets called, logically enough, groups. Groups are essentially a shorthand tool for assigning rights to a set of principals simultaneously.
Two implementations of groups provide different abilities and therefore are based on different models. The first simply uses a group as an alias for a set of principals. Principals are assigned to groups, and they stay in those groups for the lifetimes of their sessions. The second model allows principals to change from one group to another. After each change, the rights belonging to the principal as a member of the previous group are discarded and the rights of the new group are added.
The difference lies in the representations of identity. In the former model, the identity assigned to a principal remains static; it is the principal identity and the set of identities of each group that the principal is a part of. This identity does not change throughout the lifetime of the session. In the latter model, the identity of the principal is the identity of the user and the set of identities of each group of which the principal is currently a member. It is dynamic, and should the principal change from one group to another, the identity of that principal also changes.
In practice, one discusses "user identity" and "group identity."
|
EXAMPLE: UNIX users are assigned membership to a group when they log in [680]. Each process has two identities, a "user identification" and a "group identification." On older UNIX systems, each principal can be in only one group at a time. The command newgrp(1) changes this identity. The principal can change to any group of which he is a member. On other UNIX systems, each principal can be in several groups at a time. On login, the user is placed into all groups of which he is a member. |
A role is a type of group that ties membership to function. When a principal assumes a role, the principal is given certain rights that belong to that role. When the principal leaves the role, those rights are removed. The rights given are consistent with the functionality that the principal needs to perform the tasks expected of members of the role.
|
EXAMPLE: On the DG/UX system, system administration privileges belong to the sysadmin role, not the root user [257]. That user's rights are restricted. The sysuser user can assume the sysadmin role to administer the host, or the netadmin role to administer the network. Several such roles are defined. |
|
|
|
| Top |