How To Simple RBAC

Since I have been asked a few times for a “how to” for my “Role Based Access Control” library, I want to summarize this in a little blog post. Maybe the last one for 2018 🙂

Simple-RBAC ist designed to be lightweight. The main purpose is to grant or deny permissions to users using RBAC. For more theory, check the library’s initial blog post.


Let’s assume we are organizing our users, roles and permissions in a simple MySQL database. The database structure has to be at least like this:

rbac demonstration
Tool used:

As we can see, permissions are not directly assigned to users. Instead, one permission can be assigned to one or more roles. And one user can be assigned to multiple roles.

Implementing IUser

The IUser class represents the user for whom the permission is seeked. Since users are organized in roles, we need to retrieve all roles of the user.

Using the database scheme above, this can be achieved a simple SQL query:

These roles are then added as an instance of IRole to the a binary search tree which represents the user’s roles. The roles are then added to the user using the setRoles() method.

Implementing IDataProvider

The IDataProvider interface is used in the PermissionHandler class to provide all necessary data for permission granting/denying. There are three main data sources: the user (see above), all permissions and roles and default permissions.

In order to find the/one common role, all permissions have to assign the corresponding role. We can retrieve roles and permissions with:

Retrieving this permissions enables us to create IPermission instances and add the roles with:

The roles are also organized in Binary Search Trees and added to the Permission instance with the setRoles() method.


Writing this blog post, I realized that it is a little awkward. I will improve the way adding roles to users/permissions in the future. For now, you can check the test sources for more examples at GitHub: