Subject, object, operation and permission
From Erights
(Difference between revisions)
(The definition of the term `permissions' was simplified not to scare the reader with the notion of a ternary relation. Rather, some well chosen examples may make that more clear.) |
|||
| Line 1: | Line 1: | ||
== Definition == | == Definition == | ||
| - | From a security point of view, we recognize | + | From a security point of view, we recognize '''subjects''' and '''objects''' |
| - | + | ||
| - | + | '''Subjects''' are active entities (e.g. UNIX processes) with some behavior. '''Subjects''' can designate '''objects''' and try to perform some supported '''operations''' with them. | |
| - | '''Subjects''' are active entities (e.g. UNIX processes) with some behavior. Subjects can designate '''objects''' and try to perform some supported '''operations''' with them. | + | |
What kind of operations can be performed with an object depends on its type. | What kind of operations can be performed with an object depends on its type. | ||
Revision as of 04:51, 16 June 2009
Definition
From a security point of view, we recognize subjects and objects
Subjects are active entities (e.g. UNIX processes) with some behavior. Subjects can designate objects and try to perform some supported operations with them.
What kind of operations can be performed with an object depends on its type.
In general, the set of existing objects and subjects changes over time.
Permissions is a relation that defines which operations on what objects are permitted for particular subjects.
