ACL WIP #66
ACL WIP #66
Conversation
|
|
||
| has_read_permission_for_given_company { | ||
| companyId := input.request.query["companyId"][0] | ||
| user := input.user[_].resource == { resourceType: "company", resourceId: companyId } |
There was a problem hiding this comment.
@fredmaggiowski really not sure about that
|
Thank you @Lory1990 I'm reviewing it ASAP, in the meantime I've converted the PR to draft to be sure it won't get merged until it's ready |
There was a problem hiding this comment.
We could also add some info about ACL support in this section
https://rond-authz.io/docs/getting-started#r%C3%B6nd-and-rbac
Maybe with a simple comparison between RBAC and ACL approaches, some resources and links to the documentation page you are preparing for ACL, what do you think about it?
_docs/policy-integration.md
Outdated
|
|
||
| ## RBAC Based ACL Data Model | ||
|
|
||
| You can use a the [binding association collection](#bindings) to rapresent a ACL data model, in this case you could only use the following fields: |
There was a problem hiding this comment.
| You can use a the [binding association collection](#bindings) to rapresent a ACL data model, in this case you could only use the following fields: | |
| You can use a the [binding association collection](#bindings) to represent a ACL data model, in this case you could only use the following fields: |
_data/toc.yml
Outdated
| @@ -38,5 +38,9 @@ | |||
| url: "docs/policy-integration#custom-built-ins" | |||
| - title: RBAC Data Model | |||
| url: "docs/policy-integration#rbac-data-model" | |||
| - title: RBAC Based ACL Data Model | |||
There was a problem hiding this comment.
I would not present it as RBAC Based ACL 🤔 it's either RBAC or ACL.. It could be titled as "Implement ACL with Bindings"
Also what is the difference you expect between RBAC Based ACL Data Model and ACL Data Model 🤔
I'd collapse them in a single title.
There was a problem hiding this comment.
OMG they are the same model 😱 so sorry, I am only a human with Cognitive bias
| @@ -436,6 +436,10 @@ This collection contains all the bindings between users or groups of users and a | |||
| "roles": [ | |||
| "TLRoleId" | |||
| ], | |||
| "permissions": [ | |||
There was a problem hiding this comment.
I'd keep this example free of permissions to avoid confusion, do you find it more clear with it?
There was a problem hiding this comment.
For me is essential to declare all the capabilities of RBAC so that there is no misunderstanding
Using ACLs based data model with ROND
Please do not merge, I haven't tested yet. Check the wording, the concepts and the data models