RBAC gives more control over actions an account can perform
If you are granted some action by a role but you have denied that permission, the action can not be done.
See rbac_permissions table for complete listing of available permissions and associated id. This table is self-explanatory.
Name | Syntax | Description |
---|---|---|
.rbac account | Syntax: .rbac account [$account] | View permissions of selected player or given account Note: Only those that affect current realm Note: Shows real permissions after checking group and roles |
.rbac account permission | Syntax: .rbac account list [$account] | View permissions of selected player or given account Note: Only those that affect current realm Note: Only those directly granted or denied, does not include inherited permissions from roles |
.rbac account grant | Syntax: .rbac account grant [$account] #id [#realmId] | Grant a permission to selected player or given account. #reamID may be -1 for all realms. |
.rbac account deny | Syntax: .rbac account deny [$account] #id [#realmId] | Deny a permission to selected player or given account. #reamID may be -1 for all realms. |
.rbac account revoke | Syntax: .rbac account revoke [$account] #id | Remove a permission from an account Note: Removes the permission from granted or denied permissions |
.rbac list | Syntax: .rbac list | View list of all permissions. If $id is given will show only info for that permission. |
Related tables (`auth` database)
Table Name | Table Description | Field Name | Field Type | Field Description |
---|---|---|---|---|
rbac_account_permissions | Account-Permission relation | accountId | int | Account id |
permissionId | int | Permission id | ||
granted | int | Granted = 1, Denied = 0 | ||
realmId | int | Realm Id, -1 means all | ||
rbac_permissions | Permission List | id | int | Permission id |
name | text | Permission name | ||
rbac_default_permissions | Default permissions to assign to a specific security level (account_access) | secId | int | Security Level id |
permissionId | int | Permission id | ||
rbac_linked_permissions | Assigns permissions to roles (see rbac_permissions for permissions with name "role") Can also be used to link permissions to permissions (creating new roles) | id | int | Security Level id |
linkedId | int | Permission id |
Create a web interface (in PHP or other accessible web technology) to ease the management of the RBAC system. If simple and good enough, it could possibly be added to TrinityCore repository (/contrib/ directory)! |