Time Complexity: Role-based access control (RBAC)
O(r * p)
0
0
Role-based access control (RBAC) in Cybersecurity - Time & Space Complexity
Understanding Time Complexity
When managing who can do what in a system, it is important to understand how the time to check permissions grows as the system gets bigger.
We want to know how long it takes to verify access rights when many users and roles exist.
Scenario Under Consideration
Analyze the time complexity of the following code snippet.
// Check if a user has permission to perform an action
function hasAccess(user, action) {
for (const role of user.roles) {
if (role.permissions.includes(action)) {
return true;
}
}
return false;
}
This code checks each role assigned to a user to see if any role grants the requested permission.
Identify Repeating Operations
Identify the loops, recursion, array traversals that repeat.
- Primary operation: Looping through the user's roles and checking permissions in each role.
- How many times: The loop runs once for each role the user has; inside it, checking permissions may scan multiple permissions.
How Execution Grows With Input
As the number of roles and permissions grows, the time to check access grows roughly by multiplying these counts.
| Input Size (n) | Approx. Operations |
|---|---|
| 10 roles, 5 permissions each | About 50 checks |
| 100 roles, 10 permissions each | About 1,000 checks |
| 1000 roles, 20 permissions each | About 20,000 checks |
Pattern observation: The time grows roughly with the number of roles times the number of permissions checked.
Final Time Complexity
Time Complexity: O(r * p)
This means the time to check access grows with the number of roles (r) a user has and the number of permissions (p) each role contains.
Common Mistake
[X] Wrong: "Checking access is always fast and does not depend on how many roles or permissions exist."
[OK] Correct: The code must look through each role and its permissions, so more roles or permissions mean more work and longer checking time.
Interview Connect
Understanding how access checks scale helps you design systems that stay quick and secure as they grow, a skill valued in real-world cybersecurity roles.
Self-Check
"What if permissions were stored in a fast lookup structure like a set instead of a list? How would the time complexity change?"