abac

问题 What I am trying to achieve Protect a resource in Keycloak with policy like: if (resource.status == 'draft') $evaluation.grant(); else $evaluation.deny(); Going by their official documents and mailing list responses, it seems attribute based access control is possible, however, I could not find a way of getting it to work. What I have tried Using Authorization Services: I was unable to figure out where and how I can inject the attributes from the resource instance. Using Authorization Context

问题 I am working on an Angular 7 project and developing a role/permission management dashboard where a super-admin can assign and manage rolesx and their permissions respectively by clicking the check boxes. What I was specifically tasked to do is implement something similar to what is implemented in VtigerCRM So when the super user assigns permission, the user should be assigned access to that particular component and/or that particular field in the component. I'm wondering is there a way to

问题 Here is the scenario, I have a service containing many records. My service also has many users, each with the ability to create, read, update and delete records. The ability to perform these operations on each record must be controlled at the record level. For example, user A can only read and update record 1 but user B can read, update and delete records 1, 2 and 3 and user C can perform all operations on all records. How if at all, can this be done using Azure AD? Obviously, using