Hi all, In our backend service, we have authenticated APIs that will perform some actions on a given entity. That entity E has different types of relations with a user (e.g. OWNER, REPRESENTER, etc). So, for example, user Alice might OWN entity E1 and REPRESENT E2, meanwhile user Bob might OWN E2. …

Hi Thiago @tcoraini If I understood correctly your backend resource service needs to know both the role and permission to filter the right subset of data. Ideally, the resource service should only know about permissions otherwise the benefit of the separation between permissions and roles is dimin…

@sanjeevchopra resource filters is a great proposal. I’m also interested in per resource authorization, but it seems that no Authentication & Authorization SaaS offers this out of the box, and nor does Auth0. Did you create the feedback ticket? I’d like to give my upvote, but I was unable to find i…

Robin, I thought I did. But cannot find it either. I posted it again today – here’s the link: Role assignments with a resource filter @trietsch

@sanjeevchopra I think we’re in a similar boat. Any insight? [image] User permissions on custom resources Help We are building an application that is going to create many custom resources. We want to assign users with edit, view, and ownership permissions on those resourc…

Best way to model per-resource/per-relation authorization

Get Help

danny4 February 10, 2022, 6:40pm 5

@sanjeevchopra I think we’re in a similar boat. Any insight?

Topic		Replies	Views
User permissions on custom resources Get Help auth0	6	5104	February 25, 2022
How to implement this authorization model with Auth0? Get Help	2	2125	January 28, 2022
How to let users access owned resources + resources created in their behalf by other users in custom backend service Get Help roles , authorization , permissions , rbac	0	2097	July 31, 2022
Role assignment with resource filters Get Help authorization , rbac , authorization-core	6	5217	July 29, 2022
Permissions/Roles Design Question Get Help	3	5618	September 2, 2019

Best way to model per-resource/per-relation authorization

Related topics