Role assignments with a resource filter

Role assignments with a resource filter

A group of users has role Device Operator , but only for devices with classification of xyz . In this case, I would like to store an opaque “filter string” with the assignment which is made available at the time of authorization (in a rule context or token).

Then the resource service can use this filter to further restrict which devices, a user in that group will be allowed to access.

from: Role assignment with resource filters


Implement a system where a role can be assigned to a user, but authorization is also subject to some properties of the resource being acted upon.

Hey there!

Thanks for creating that. Let’s see how many people will be interested in such addition!