Comments (8)
Also interested in this.
from accesscontrol.
@dominikstohl If I understood correctly, you need a policy/attribute-based access control framework. accesscontrol works purely with roles (RBAC).
from accesscontrol.
@iNDicat0r accesscontrol is not purely RBAC, as it states in the docs.
from accesscontrol.
@sarneeh I agree, but in accesscontrol permissions are assigned relative to the role, something which isn't a requirement in ABAC systems.
from accesscontrol.
@iNDicat0r ABAC is not too familiar to me so I didn't know the difference. Btw - are you aware of some ABAC example implementations? I was looking for something like that but can't find anything in the Node.js world.
from accesscontrol.
@sarneeh https://github.com/ory/ladon is written in Go and is inspired by AWS IAM. You can write a standalone authorization server on top of it and use your nodejs app to communicate and ask for authorization.
from accesscontrol.
This library doesn't implement ABAC. It gives a simplified version of managing roles. Can you define an attribute check in the library? You can't. See #8 and #12.
ABAC means that you need to properly validate that attributes have or do not have certain values. Here's, for example, a library that supports a proper ABAC approach - https://github.com/YLuchaninov/PolicyLine#differences-from-other-libraries. Wiki page for reference.
from accesscontrol.
In my app, I have defined users as roles that are prefixed by "u-" in their name. So you can have a user u-admin that inherits from the role admin. It's not perfect but it works fine. Updating the library to handle roles and users would be great.
For access to a specific resource, you need to give an own grant on the resource and store in your database which resources of this type the user has access to.
In my case I use a table with the fields resource_type and resource_pkey. So I can search for all resources of type foo that the user has access to.
By doing this, you are clearly out of the scope of this library in its current version, and it involves some development on your part, but I haven't found a better solution, except to use a big authorization solution like Keycloak.
from accesscontrol.
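The approach in the last comment (users modelled as "u-"-prefixed roles that inherit from a real role, plus a table of resource_type / resource_pkey rows recording which resources each user may reach), as an added example that is not code from the thread or from the accesscontrol library. It is plain JavaScript with an in-memory stand-in for the database table; every name other than resource_type and resource_pkey is an assumption.

```javascript
// Added illustration: plain JavaScript, no accesscontrol dependency.
// Role grants: role -> resource type -> action -> possession ("any" | "own").
const grants = {
  admin:  { foo: { read: "any", update: "any" } },
  member: { foo: { read: "own", update: "own" } },
};
// Users are roles prefixed with "u-" that inherit from a real role (constructed data).
const inherits = { "u-admin": ["admin"], "u-alice": ["member"], "u-bob": ["member"] };

// Stand-in for the database table described in the comment (constructed rows).
const resourceAccess = [
  { user: "u-alice", resource_type: "foo", resource_pkey: 1 },
  { user: "u-alice", resource_type: "foo", resource_pkey: 2 },
  { user: "u-bob",   resource_type: "foo", resource_pkey: 3 },
];

// Resolve the strongest possession a role has, following inheritance.
function possession(role, type, action, seen = new Set()) {
  if (seen.has(role)) return null;            // guard against inheritance cycles
  seen.add(role);
  let best = grants[role]?.[type]?.[action] ?? null;
  for (const parent of inherits[role] ?? []) {
    const p = possession(parent, type, action, seen);
    if (p === "any" || (p === "own" && best === null)) best = p;
  }
  return best;
}

// Deny by default: unknown users, types or actions yield false.
function canAccess(user, action, type, pkey) {
  if (!user.startsWith("u-")) return false;   // only user-roles are checked
  const p = possession(user, type, action);
  if (p === "any") return true;
  if (p !== "own") return false;
  // "own" grants are only valid for rows recorded for this user.
  return resourceAccess.some(r =>
    r.user === user && r.resource_type === type && r.resource_pkey === pkey);
}

// All resources of a type the user can reach through "own" grants.
function listOwn(user, type) {
  return resourceAccess
    .filter(r => r.user === user && r.resource_type === type)
    .map(r => r.resource_pkey);
}
```

The role grant alone never authorizes an "own" action; the per-resource row has to exist as well, so a missing row fails closed.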