Questions tagged [rbac]
10 questions
5
votes
1 answer
Dealing with permissions for the list of resources
I have a few big services that use the same database and tables for managing roles and permissions. Each service asks the database directly for the permissions.
Now I need to build a new service. The idea is to create a centralized service that…

alex
- 183
- 1
- 4
2
votes
3 answers
Securing API for third party use
We have a set of microservices and would like to expose endpoints from a subset of these for third parties to use. To this end, we will build an API Gateway that acts as the access control mechanism for all our services.
In terms of how access is…

Umair
- 175
- 1
- 4
1
vote
2 answers
RBAC and domain specific roles
I have some doubts about RBAC which I cannot wrap my head around. So I would like to hear what you guys think.
Though I understand the concept of RBAC, I cannot figure out how to apply that to my specific use case:
I have a system that a company…

ShahiM
- 13
- 6
0
votes
0 answers
Implementing authorization in API driven SPA app
When building API-driven SPAs, I'm wondering what the best practice is regarding communicating to the frontend app about which actions are permitted for the currently logged-in user.
Assume there is an RBAC system implemented on the backend.…

steve-robinson
- 164
- 6
0
votes
1 answer
RBAC - using database vs hard coded
I need to implement RBAC in a project I'm working on, and I'm fairly new to the concept. I am trying to figure out the best way to implement it.
The most common approach seems to be to create roles and permissions and link them together through the…

user3353167
- 149
- 4
0
votes
0 answers
Attempting to Implement RBAC from ACL
I am trying to implement RBAC in a system, but I end up creating an ACL instead due to my low understanding of this architecture.
What I already have implemented:
Created User model.
Created Groups with different permissions from User…

Elias Prado
- 109
- 3
0
votes
0 answers
How do you implement roles on your APIs using Azure AD Security groups?
I'm trying to figure out the best way to accomplish using Azure Active Directory Security groups to manage role assignments for an API. I'm trying to evaluate a few different options as well as poll to see what others were doing as solutions.
Option…

Luke Gaskell
- 9
- 1
0
votes
1 answer
OWASP Broken Access Control by example: preventing users from reading/writing data that isn't theirs
I have experience building RBAC-based authorization mechanisms, and understand the theory behind ACLs (DAC?), though I've never had the need to implement them.
A situation was just presented to me that I realize I have never thought about dealing…

hotmeatballsoup
- 51
- 12
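The situation the question above points at is object-level authorization: a role check alone says a user may read "documents", but not which documents. The following is an added example, not code from the original post or its answers, showing the broken lookup next to the fixed one. The in-memory store, the user and document ids and the "admin" role name are all constructed for illustration.

```python
# Added example (not from the original post): object-level authorization for a
# per-user "document" resource, showing the broken lookup next to the fixed one.
# The store, ids and the role name "admin" are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Document:
    doc_id: int
    owner_id: int
    body: str


# Constructed in-memory store standing in for a database table.
DOCS = {
    1: Document(doc_id=1, owner_id=10, body="alice's notes"),
    2: Document(doc_id=2, owner_id=20, body="bob's notes"),
}


class NotFound(Exception):
    pass


def get_document_broken(doc_id):
    """Broken access control: the lookup is keyed only by the id the client
    sent, so any authenticated user can read any document by guessing ids."""
    doc = DOCS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc


def can_access(user_id, doc_id, roles=()):
    """Object-level check: the caller must own the document or hold the
    (hypothetical) 'admin' role. Unknown ids are simply not accessible."""
    doc = DOCS.get(doc_id)
    if doc is None:
        return False
    return doc.owner_id == user_id or "admin" in roles


def get_document(user_id, doc_id, roles=()):
    """Fixed read path: ownership is checked on every request, and a document
    that exists but belongs to someone else is reported exactly like a missing
    one, so the response does not reveal which ids are taken."""
    if not can_access(user_id, doc_id, roles):
        raise NotFound(doc_id)
    return DOCS[doc_id]


def update_document(user_id, doc_id, new_body, roles=()):
    """Fixed write path: the same check guards writes, not only reads."""
    doc = get_document(user_id, doc_id, roles)
    doc.body = new_body
    return doc


def list_documents(user_id):
    """Listing is scoped by owner in the query itself rather than filtered
    after the fact, so no foreign row ever leaves the data layer."""
    return [d for d in DOCS.values() if d.owner_id == user_id]
```

The role check (RBAC) and the ownership check (the ACL/DAC part of the question) are deliberately combined in one function so that every read, write and list path calls it; the usual failure is a new endpoint that remembers the role check and forgets the ownership check.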
0
votes
1 answer
How to limit resource creation with RBAC permission?
The project I am working on is a SaaS application with multiple payment tiers. Each one has multiple limits for different actions. One example would be that a free user can only create 1 space, a premium user can create 5 spaces, and a pro user can…

Forrest Keller
- 13
- 2
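Both the "RBAC - using database vs hard coded" question and the resource-limit question above come down to the same design: roles are rows of data that map to permissions, and per-tier limits can live beside them in that same data instead of in code. The following is an added example, not code from either original post, in which the role names, the permission strings and the unlimited "pro" quota are assumptions; the question only gives the free (1) and premium (5) limits.

```python
# Added example (not from either original post): roles kept as data that map
# both to permissions and to per-resource creation limits, so neither is
# hard-coded in the service. Role names, permission strings and the "pro"
# limit are assumptions; the question gives only the free (1) and premium (5)
# limits.

ROLE_PERMISSIONS = {
    "free":    {"space:read", "space:create"},
    "premium": {"space:read", "space:create", "space:share"},
    "pro":     {"space:read", "space:create", "space:share", "space:export"},
}

# Per-role quota per resource type; None means unlimited (assumed for "pro").
ROLE_LIMITS = {
    "free":    {"space": 1},
    "premium": {"space": 5},
    "pro":     {"space": None},
}


class AuthorizationError(Exception):
    pass


class QuotaExceeded(Exception):
    pass


def permissions_for(roles):
    """Effective permissions are the union over all of the user's roles."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def limit_for(roles, resource):
    """Effective quota is the most generous limit among the user's roles;
    None (unlimited) wins over any number. A user with no role that mentions
    the resource gets 0."""
    limits = [ROLE_LIMITS.get(role, {}).get(resource, 0) for role in roles]
    if any(limit is None for limit in limits):
        return None
    return max(limits, default=0)


def check_create(roles, resource, owned_count):
    """Returns 'ok', 'no-permission' or 'quota-exceeded'. The permission check
    runs first: a quota is meaningless for an action the role may not perform."""
    if f"{resource}:create" not in permissions_for(roles):
        return "no-permission"
    limit = limit_for(roles, resource)
    if limit is not None and owned_count >= limit:
        return "quota-exceeded"
    return "ok"


class SpaceService:
    """Minimal service whose create path enforces both checks."""

    def __init__(self):
        self._spaces = []  # list of (space_id, owner_id, name)

    def count_owned(self, user_id):
        return sum(1 for _, owner, _ in self._spaces if owner == user_id)

    def create_space(self, user_id, roles, name):
        verdict = check_create(roles, "space", self.count_owned(user_id))
        if verdict == "no-permission":
            raise AuthorizationError(f"user {user_id} may not create spaces")
        if verdict == "quota-exceeded":
            raise QuotaExceeded(f"user {user_id} is at the limit for spaces")
        space_id = len(self._spaces) + 1
        self._spaces.append((space_id, user_id, name))
        return space_id
```

Two caveats for a real deployment: upgrading a customer's tier is then a change to their role assignment, not a code change; and the count-then-insert in `create_space` is a race under concurrent requests, so against a database the count and the insert belong in one transaction with row locking, or the limit should be enforced by the database itself.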
0
votes
0 answers
Single users database for many apps
I'm designing a database that holds the information for users of three different apps that share access to the data through an API. For every user I'm storing credentials, profile and roles.
What I'm looking forward to having should accomplish the…

Francisco Hanna
- 109
- 3