{"id":60291,"date":"2022-12-05T14:59:20","date_gmt":"2022-12-05T06:59:20","guid":{"rendered":"https:\/\/version-2.com\/?p=60291"},"modified":"2023-07-24T18:37:47","modified_gmt":"2023-07-24T10:37:47","slug":"choosing-the-right-access-control-model","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/12\/choosing-the-right-access-control-model\/","title":{"rendered":"Choosing the Right Access Control Model"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"60291\" class=\"elementor elementor-60291\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_siz
e&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\" width=\"1800\" height=\"1112\" \/>\n\n<div data-v-85c4bf60=\"\" data-v-0bbc59dc=\"\" class=\"news-detail-inner-content\"><p>In my previous article,&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.vicarius.io\/vsociety\/blog\/code-security-and-safety-tips-when-writing-guidelines\">Code security and safety tips when making guidelines<\/a>, I mentioned that it is very important to give someone access based on the role assigned in your system. I have also mentioned the 3 most widely accepted access control models: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Permission Based Access Control (PBAC).<\/p><p>Choosing the right access control model for your project\/organization is of great importance from a security point of view. 
With a proper implementation, you can prevent unauthorized access to resources and, with it, possible attacks.<\/p><p>There are more access control models than those three, and I will try to show you how they differ, to help you choose the best model for your application.&nbsp;<\/p><p><\/p><h4><em>How do you determine which access control to give to the user\/employee?<\/em><\/h4><p>First, you need to identify the person&#8217;s job. Then you need to authenticate them by their identification, and then you need to grant them access to the hardware\/software they need. In doing so, you must ensure they have the right level of permission to the organization&#8217;s resources to do their job. At this stage, you need to choose the type of access control model.<\/p><p><\/p><h4><em>Main categorization of access control models<\/em><\/h4><p>There are 6 main types of access control models:<\/p><ul><li><p>Mandatory Access Control (MAC)<\/p><\/li><li><p>Discretionary Access Control (DAC)<\/p><\/li><li><p>Role-Based Access Control (RBAC)<\/p><\/li><li><p>Rule-Based Access Control&nbsp;<\/p><\/li><li><p>Attribute-Based Access Control (ABAC)<\/p><\/li><li><p>Risk-Based Access Control<\/p><\/li><\/ul><p>&nbsp;<\/p><p><strong>Mandatory Access Control&nbsp;<\/strong>\u2013 This model gives access controls only to the system&#8217;s owner. The end user doesn&#8217;t have any rights. The system owner decides which resources the end user can access. 
This model has the highest level of restriction compared to the other models.<\/p><p>Because it is so restrictive, this model is used in government facilities and\/or the military.<\/p><p>This model is also connected with two security models: Bell-LaPadula and Biba.<\/p><p>Biba allows the user with a lower-level classification to read higher-level info and the user with a higher-level classification to write to lower levels.<\/p><p>Bell-LaPadula allows the user with a higher-level classification to write at their own level but not at lower levels, and they can read at lower levels.<\/p><p>If you want to know more about these two security models, check out this Bell-LaPadula and Biba&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.youtube.com\/watch?v=SfryxGRXoVg&amp;ab_channel=Skillset\">video<\/a>. You can also check out the&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.studynotesandtheory.com\/single-post\/the-clark-wilson-model\">Clark Wilson model<\/a>, which focuses on upholding integrity.<\/p><p>&nbsp;<\/p><p><strong>Discretionary Access Control&nbsp;<\/strong>\u2013 This model gives all access controls to the user. It is the opposite of MAC. As you can guess, the implementation of this model can lead to many cyber attacks, so you must be very aware of its flaws if you plan to use it.<\/p><p>&nbsp;<\/p><p><strong>Role-Based Access Control&nbsp;<\/strong>\u2013 This model gives predefined permissions based on the employee&#8217;s position. This can be tricky to implement if you later need to modify a person&#8217;s permissions and grant specific access to a particular resource.<\/p><p>&nbsp;<\/p><p><strong>Rule-Based Access Control&nbsp;<\/strong>\u2013 This model gives access control based on rules. The system administrator manages the rules, checks the boxes, or adds some code to the settings. 
In a web application, this can be implemented as a settings page that shows, for example, a list of rules with a check box next to each rule. Depending on which rules you check, you can save the selection and get a rules list that you can assign to someone or to some custom role, etc.&nbsp;<\/p><p>&nbsp;<\/p><p><strong>Attribute-Based Access Control&nbsp;<\/strong>\u2013 This model is defined by attributes. Attributes are tightly coupled with subject, object, environment, and actions. This means that we would have a lot of variations based on the mentioned attributes, which could increase implementation difficulty\/complexity.&nbsp;&nbsp;<\/p><p>&nbsp;<\/p><p><strong>Risk-Based Access Control&nbsp;<\/strong>\u2013 This model gives access based on risk evaluation. Mainly, the risk profile of the user who is logging in is evaluated. For example, if the user logs in from a different location, the risk is higher, and they will be prompted to authenticate further.<\/p><p>&nbsp;<\/p><h4><em>Example implementation of Role-Based Access Control in a web application<\/em><\/h4><p>For this example, I am going to use the Angular framework. You will see in the code below that I am checking roles in two cases. The first case is navigation: whether the user has access to a certain page at all. The second is when the user has access to the page but should only be permitted to see a certain part of it, or has just read rights but not write&#8230;&nbsp;<\/p><p>Create a RoleGuard class that implements the&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/angular.io\/api\/router\/CanActivate\">CanActivate<\/a>&nbsp;interface. As mentioned on the official Angular site, the canActivate method returns true if the route can be activated, which grants access, and false if the requested route cannot be activated.&nbsp;<\/p><p>As you can see from the code, the roles are stored in local storage, and the isRoleAssigned method checks whether the user has a required role from the list of roles in the method&#8217;s input. If the user has the role, the method returns true and navigation continues to the requested route; if it returns false, the user is redirected to the home page, for example (or maybe some custom page).<\/p><p>&nbsp;<\/p><pre><code>import { Injectable } from \"@angular\/core\";\nimport {\n&nbsp;ActivatedRouteSnapshot,\n&nbsp;CanActivate,\n&nbsp;Router,\n} from \"@angular\/router\";\nimport { Observable } from \"rxjs\";\n\/\/ LocalStorageManager is a storage wrapper defined elsewhere in the application (import omitted).\n&nbsp;\n@Injectable()\nexport class RoleGuard implements CanActivate {\n&nbsp;constructor(\n&nbsp;&nbsp;private route: Router,\n&nbsp;&nbsp;private _localStorage: LocalStorageManager\n&nbsp;) {\n&nbsp;&nbsp;}\n&nbsp;\n&nbsp;\/\/ Allow the route only if the user holds one of the roles listed in the route data.\n&nbsp;public canActivate(route: ActivatedRouteSnapshot): Observable&lt;boolean&gt; | boolean {\n&nbsp;&nbsp;return this.isRoleAssigned(route.data.roles);\n&nbsp;}\n&nbsp;\n&nbsp;\/\/ Roles kept in local storage can be edited by the user, so this check only steers\n&nbsp;\/\/ navigation in the UI; the server must still authorize every request.\n&nbsp;private isRoleAssigned(roles: string[]): boolean {\n&nbsp;&nbsp;const assignedRoles = this._localStorage.retrieveObject(\n&nbsp; &nbsp;this._localStorage.roles\n&nbsp;&nbsp;);\n&nbsp;&nbsp;\/\/ Treat missing stored roles as \"no role\" instead of throwing.\n&nbsp;&nbsp;if (assignedRoles &amp;&amp; assignedRoles.roles.filter(role =&gt; roles.includes(role)).length &gt; 0) {\n&nbsp; &nbsp;return true;\n&nbsp;&nbsp;} else {\n&nbsp; &nbsp;this.route.navigateByUrl(\"home\");\n&nbsp; &nbsp;return false;\n&nbsp;&nbsp;}\n&nbsp;}\n}<\/code><\/pre><p>&nbsp;<\/p><p>In app.routing.ts, import RoleGuard. As you can see, the route data carries the list of roles someone needs to have to get to the wanted route.<\/p><p>&nbsp;<\/p><pre><code>import { RoleGuard } from \".\/auth\/role.guard\";\n&nbsp;\nexport const routes: Routes = [\n\u2026,\n&nbsp;{\n&nbsp;&nbsp;path: \"user-statistic-report\",\n&nbsp;&nbsp;component: UserStatisticReportComponent,\n&nbsp;&nbsp;data: { title: \"User Statistic Report\", roles: [\"Manager\"]},\n&nbsp;&nbsp;canActivate: [AuthGuard, 
RoleGuard],\n&nbsp;},\n\u2026<\/code><\/pre><p>&nbsp;<\/p><p>That covers the routing part. The code below sets the state of a button based on the role.<\/p><p>I have implemented a role service from which I get the assigned roles, and I call it on the page to check whether the user has the required role, for example, whether they are a Manager or an Admin.<\/p><p>&nbsp;<\/p><pre><code>&nbsp;\/\/ True when the current user holds the Manager or Administrator role.\n&nbsp;get isManagerOrAdmin() {\n&nbsp;&nbsp;return (\n&nbsp; &nbsp;this.roleService.userRoles &amp;&amp;\n&nbsp; &nbsp;(this.roleService.checkRole(Roles.MANAGER) || this.roleService.checkRole(Roles.ADMINISTRATOR))\n&nbsp;&nbsp;);\n&nbsp;}<\/code><\/pre><p>&nbsp;<\/p><p>When the page is initializing, I call the mentioned method and, based on the outcome, enable or disable the button that saves the report.<\/p><p>&nbsp;<\/p><pre><code>&nbsp;ngOnInit(): void {\n&nbsp;&nbsp;if (!this.isManagerOrAdmin) {\n&nbsp; &nbsp;\/\/ Hide the save button; the server must still reject saves from other roles.\n&nbsp; &nbsp;const saveButton = this._buttons.find(x =&gt; x.title === \"Save report\");\n&nbsp; &nbsp;if (saveButton) {\n&nbsp; &nbsp;&nbsp;saveButton.display = false;\n&nbsp; &nbsp;}\n&nbsp;&nbsp;}\n\u2026\n&nbsp;}<\/code><\/pre><p>&nbsp;<\/p><h3><strong>Conclusion<\/strong><\/h3><p>Establishing which model is best for your project\/organization is very important. For example, a company with smaller applications will easily implement the Discretionary Access Control model. 
And other companies whose applications contain highly confidential or sensitive information would prefer to use Role-Based Access Control or Mandatory Access Control models.<\/p><p>I would say put everything &#8220;on paper&#8221; before you choose the right model; All the requirements your project\/organization now has and the ones it could have in the future.<\/p><p>&nbsp;<\/p><p>Cover photo by&nbsp;<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/unsplash.com\/photos\/LNwIJHUtED4\">Victor Forgacs<\/a><\/p><p>#appSec #accessControlModels<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In my previous article,&nbsp;Code security and safety t [&hellip;]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[488,476,61],"tags":[477,489],"class_list":["post-60291","post","type-post","status-publish","format-standard","hentry","category-488","category-vrx","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Choosing the Right Access Control Model - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Choosing the Right Access Control Model - Version 2\" \/>\n<meta property=\"og:description\" 
content=\"In my previous article,&nbsp;Code security and safety t [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-05T06:59:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-24T10:37:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/12\\\/choosing-the-right-access-control-model\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Choosing the Right Access Control 
Model\",\"datePublished\":\"2022-12-05T06:59:20+00:00\",\"dateModified\":\"2023-07-24T10:37:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/12\\\/choosing-the-right-access-control-model\\\/\"},\"wordCount\":1130,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"2022\",\"vRx\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/12\\\/choosing-the-right-access-control-model\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model\",\"name\":\"Choosing the Right Access Control Model - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\",\"datePublished\":\"2022-12-05T06:59:20+00:00\",\"dateModified\":\"2023-07-24T10:37:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#primaryimage\",\"url\":
\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/choosing-the-right-access-control-model#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Choosing the Right Access Control Model\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 
2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Choosing the Right Access Control Model - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model","og_locale":"zh_HK","og_type":"article","og_title":"Choosing the Right Access Control Model - Version 2","og_description":"In my previous article,&nbsp;Code security and safety t [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model","og_site_name":"Version 
2","article_published_time":"2022-12-05T06:59:20+00:00","article_modified_time":"2023-07-24T10:37:47+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"7 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/12\/choosing-the-right-access-control-model\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Choosing the Right Access Control Model","datePublished":"2022-12-05T06:59:20+00:00","dateModified":"2023-07-24T10:37:47+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/12\/choosing-the-right-access-control-model\/"},"wordCount":1130,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max","keywords":["vRx","2022"],"articleSection":["2022","vRx","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/12\/choosing-the-right-access-control-model\/","url":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model","name":"Choosing the Right Access Control Model - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max","datePublished":"2022-12-05T06:59:20+00:00","dateModified":"2023-07-24T10:37:47+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clawmqqhc0y4h0kmpfc5bgrd4.jpg?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/choosing-the-right-access-control-model#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Choosing the Right Access Control Model"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 
2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-fGr","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-j
son\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=60291"}],"version-history":[{"count":8,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60291\/revisions"}],"predecessor-version":[{"id":69443,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/60291\/revisions\/69443"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=60291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=60291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=60291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}