alt Hacker NewsI hear what you are saying but many, many people who have dedicated their life to this topic disagree with you. Onions have layers for a reason.
RBAC by nature requires a Creator. ZeroTrust networks still require gateways.
I hear what you are saying but many, many people who have dedicated their life to this topic disagree with you. Onions have layers for a reason.
RBAC by nature requires a Creator. ZeroTrust networks still require gateways.
I'm not saying there can't be an admin who can create roles, or do some extra authentication to gain that privilege. I am saying that it shouldn't require assuming an all powerful user to do it. You should be able to do it from your actual account. This is good for keeping accurate records too since all actions are done by the users themselves. Yes, technically sudo can be logged, but it's bypassable by starting a shell.