abac

ABAC with keycloak - Using Resource attributes in policy

∥☆過路亽.° 提交于 2019-12-08 01:16:09
问题 What I am trying to achieve Protect a resource in Keycloak with policy like: if (resource.status == 'draft') $evaluation.grant(); else $evaluation.deny(); Going by their official documents and mailing list responses, it seems attribute based access control is possible, however, I could not find a way of getting it to work. What I have tried Using Authorization Services: I was unable to figure out where and how I can inject the attributes from the resource instance. Using Authorization Context

How to assign dynamically components/fields permissions to certain roles in Angular?

半腔热情 提交于 2019-12-02 07:37:14
问题 I am working on an Angular 7 project and developing a role/permission management dashboard where a super-admin can assign and manage rolesx and their permissions respectively by clicking the check boxes. What I was specifically tasked to do is implement something similar to what is implemented in VtigerCRM So when the super user assigns permission, the user should be assigned access to that particular component and/or that particular field in the component. I'm wondering is there a way to

Resource based authorization with Azure AD?

蓝咒 提交于 2019-12-02 02:27:54
问题 Here is the scenario, I have a service containing many records. My service also has many users, each with the ability to create, read, update and delete records. The ability to perform these operations on each record must be controlled at the record level. For example, user A can only read and update record 1 but user B can read, update and delete records 1, 2 and 3 and user C can perform all operations on all records. How if at all, can this be done using Azure AD? Obviously, using