RBAC (Role Based Access Control) assigns the user to 1 or more roles. Roles restrict or authorize the access to tables and records. This rights can only be granted by using the login with php sessions.
The RBAC is implemented in the PHP data access class. The access check is activated for an object in the datadefinition by setting "rightcheck=1".
In the data table the column "creatorID" is added. Comparing the creatorID with the logged in user gives the result: own record or foreign record.
By opening the website the user is assigned to the role "0:public". His userID is also 0.
By login the role is replaced by the default roles of the login table: k8login.roles="3,5". The userID is set.
For each object or table, for each CRUD operation (create, read, update, delete) and role an access check is implemented.
This is the data access definition in the datadefinition (masterdata.rights):