Hello,
I have seen Kim Maida’s posts on RBAC and Authorization extension. Wanted to know if Auth0 is considering the use case of resource filtering.
Specifically, let’s say a group of users has role Device Operator
, but only for devices with classification of xyz
. In this case, I would like to store an opaque “filter string” with the assignment which is made available at the time of authorization (in a rule context or token).
Then the resource service can use this filter to further restrict which devices, a user in that group will be allowed to access.
Thanks
1 Like
Hey there,
As far as I know it’s not doable as of now using our stack unfortunately. I would highly suggest filing in a feature request to our product managers using our product form:
Thanks @konrad.sopala. I will do that.
1 Like
Thanks! The more people advocating for certain feature and filing in feature requests we have the more likely that feature will get implemented
If you’d like to vote, feature request for this is at: Role assignments with a resource filter
Thanks for sharing the link with the rest of community!
While the resource-filter might not be the only approach to this; the use-case in itself seems so obvious that it’s actually shocking it’s not achievable in the current state of art of Auth0. (and it’s been a while now).
Some use-cases :
- Facebook-like groups / pages management. A user is owner of a group, some others are admin — with specific permissions, moderators. Some users are simple consumers.
- Google Drive-like file management. A user (or a domain) is owner of a file, some others are editors, some others are readers
- Auth0 backoffice itself : a user can be superadmin of a tenant, and simple admin of another
In any of those use-cases, the topic remains the same : a role is tightly coupled with a “resource instance” and not only a “resource type”. That’s what is called a “relation” on that post and others about the same topic.
NB : Please note that there is a common confusion and misuse of langage out there with the term “resource”. Browsing the web about that topic, using “resource” is sometimes related to the “resource type” (Dogs), sometimes to the “resource instance” (Dog with id: 1234). We’re talking here about “resource instance”
3 Likes