I am trying to implement RBAC in a system, but I ended up creating an ACL instead due to my low understanding of this architecture.
What I already have implemented:
- Created User model.
- Created Groups with different permissions from User model.
- Designated each user to each group based on their permissions.
For instance, there are two groups. One is the `admin_group`, with create, delete, view and change permissions for the User model. The second one is the `applicant_group`, with only view and create permissions, also for the User model.
My question is: if I add roles to the User model and assign each role to each group, will it be a role-based access control architecture, or will it still be an ACL?
What steps should I implement to provide a simple RBAC from an ACL, or is it not possible?
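
An added example, not part of the original post: a plain-Python model of the setup described in the question, checking the same User-model permissions once through a per-user ACL and once through roles. The user names, the role names and the `derive_roles` grouping approach (users with identical permission sets share a role) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: a per-user ACL on the "User" model resource.
ACL = {
    "alice": {"create", "delete", "view", "change"},
    "bob": {"view", "create"},
    "carol": {"view", "create"},
}

# Hypothetical role names, keyed by permission set, mirroring the two groups in the post.
ROLE_NAMES = {
    frozenset({"create", "delete", "view", "change"}): "admin",
    frozenset({"view", "create"}): "applicant",
}

def acl_allows(acl, user, perm):
    """ACL check: the resource's own list is consulted for the user directly."""
    return perm in acl.get(user, set())

def derive_roles(acl, role_names):
    """Group users with identical permission sets into roles.

    Returns (role -> permissions, user -> roles).
    """
    role_perms, user_roles = {}, defaultdict(set)
    for user, perms in acl.items():
        key = frozenset(perms)
        # Fall back to a generated name when the permission set has no known role.
        role = role_names.get(key, "role_" + "_".join(sorted(key)))
        role_perms[role] = set(key)
        user_roles[user].add(role)
    return role_perms, dict(user_roles)

def rbac_allows(role_perms, user_roles, user, perm):
    """RBAC check: user -> roles -> permissions, with no per-user permission entries."""
    return any(perm in role_perms.get(r, set()) for r in user_roles.get(user, ()))

ROLE_PERMS, USER_ROLES = derive_roles(ACL, ROLE_NAMES)
```

Revoking a permission from a role in `ROLE_PERMS` changes the result for every user holding that role, while the ACL form needs one edit per user entry.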