Symfony2 // Differences between Roles and Acl

Let’s imagine you have a blog with two users (Ana and Edouard), and want to manage specific actions like:

  • authorize Edouard to add a new contributor to the blog
  • authorize Ana to create, edit and delete her own blog post
  • authorize Edouard to delete Ana’s blog post

What is a Role

A role is a set of permissions hard coded in your application; which permissions each role carries is something you define yourself in your code. When checking whether Edouard is able to delete Ana's blog post, your application looks at the role the current user holds, and nothing else.

ACLs

Access Control Lists are useful when you need to take an authorization decision based on a Role plus a domain object. Explicitly, they let you grant specific permissions on a specific object to a specific user.

Ana is allowed to edit only the blog entries she wrote herself. To check this authorization, you need both Ana's roles and the Post object she is trying to edit.

Edouard, on the other hand, is allowed to act on all blog entries because he has ROLE_ADMIN. That decision is based on a Role alone; no domain object is involved.


See Symfony documentation on Security/Roles and Symfony’s documentation on ACLs.
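The three rules from the introduction, written out as a Symfony2 controller, as an added example that is not part of the original post and not Symfony's own code. The `Acme\BlogBundle` namespace, the `Post` entity with its `setAuthor()` method, and `ROLE_ADMIN` as the role Edouard holds are assumptions made for illustration; the `security.context`, `security.acl.provider`, `ObjectIdentity`, `UserSecurityIdentity` and `MaskBuilder` APIs are the real Symfony2 ones. The first action is a pure role decision, the next two are ACL decisions on a specific object, and the last shows how the two combine when an administrator acts on somebody else's post.

```php
<?php
// Added example (not from the original post or from Symfony). The bundle
// namespace, the Post entity and ROLE_ADMIN are assumptions for illustration.

namespace Acme\BlogBundle\Controller;

use Acme\BlogBundle\Entity\Post;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class PostController extends Controller
{
    // Rule 1 ("Edouard may add a contributor"): a role alone decides.
    // No domain object is involved, so a plain role check is enough.
    public function addContributorAction()
    {
        if (false === $this->get('security.context')->isGranted('ROLE_ADMIN')) {
            throw new AccessDeniedException('Only an administrator may add contributors.');
        }
        // ... add the contributor
    }

    // Rule 2, first half ("Ana may create her own post"): after saving the
    // post, record in the ACL that Ana owns this specific object. Without such
    // an entry a later EDIT or DELETE check on the object is simply denied.
    public function createAction()
    {
        $user = $this->getUser();
        $post = new Post();
        $post->setAuthor($user);

        $em = $this->getDoctrine()->getManager();
        $em->persist($post);
        $em->flush(); // the object needs an identifier before an ACL can refer to it

        $aclProvider      = $this->get('security.acl.provider');
        $objectIdentity   = ObjectIdentity::fromDomainObject($post);
        $acl              = $aclProvider->createAcl($objectIdentity);
        $securityIdentity = UserSecurityIdentity::fromAccount($user);

        // MASK_OWNER bundles VIEW, CREATE, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER.
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }

    // Rule 2, second half ("Ana may edit her own post"): the decision needs
    // both the user and the object. isGranted('EDIT', $post) asks the ACL
    // voter about this Post instance, so Ana passes only on posts where she
    // holds an ACE. The check is enforced here, server side, not only by
    // hiding the edit button in a template.
    public function editAction($id)
    {
        $post = $this->findPostOr404($id);
        if (false === $this->get('security.context')->isGranted('EDIT', $post)) {
            throw new AccessDeniedException('You may only edit your own posts.');
        }
        // ... render the edit form
    }

    // Rule 3 ("Edouard may delete Ana's post"): Edouard holds no ACE on Ana's
    // post, so the ACL check alone would deny him; his permission comes from
    // the role. The two mechanisms are therefore combined: role first, then ACL.
    // (Alternatively, a class-scoped ACE for RoleSecurityIdentity('ROLE_ADMIN')
    // would let a single isGranted('DELETE', $post) answer both cases.)
    public function deleteAction($id)
    {
        $post = $this->findPostOr404($id);
        $securityContext = $this->get('security.context');

        if (!$securityContext->isGranted('ROLE_ADMIN')
            && !$securityContext->isGranted('DELETE', $post)) {
            throw new AccessDeniedException('Only the author or an administrator may delete this post.');
        }

        // Compute the identity before the entity is removed, then drop the
        // object's ACL so stale entries do not outlive the data they protect.
        $objectIdentity = ObjectIdentity::fromDomainObject($post);
        $em = $this->getDoctrine()->getManager();
        $em->remove($post);
        $em->flush();
        $this->get('security.acl.provider')->deleteAcl($objectIdentity);
    }

    private function findPostOr404($id)
    {
        $post = $this->getDoctrine()->getRepository('AcmeBlogBundle:Post')->find($id);
        if (null === $post) {
            throw $this->createNotFoundException('No post with id ' . $id);
        }
        return $post;
    }
}
```

The ACL provider needs the `security.acl` section (for example `connection: default`) in `security.yml`, and the ACL tables have to be created once with `php app/console init:acl`. From Symfony 2.6 onwards `security.context` is split into `security.authorization_checker` (for `isGranted()`) and `security.token_storage` (for the user); the code above uses the older service because the post targets Symfony2. The design point to take away is scope: a role-only decision means anyone who ends up with ROLE_ADMIN can act on every post, whereas the ACL entries confine Ana to exactly the objects she owns, so a mistake in one user's permissions stays contained to those objects.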
