Super Admin
Super Admin is the administrator of the whole system, we can use it in models like RBAC, ABAC and RBAC with domains etc. The detailed example is as follows:
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act || r.sub == "root"
It illustrates that as for the defined request_definition
, policy_definition
, policy_effect
and matchers
, Casbin judges if the request can match the policy, or most importantly, if the sub
is root. Once the judgment is correct, the authorization then is allowed, and the user has permission to do everything.
Just like the root of Linux systems, after the users are authorized as root, then we have the permissions to access all the files and settings. So if we want sub
to have the full access to the whole system, we can let it become the super admin, then the sub
has the permission to do everything.