You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I really like the casbin library. I am trying to figure out how the following can be acheived. May be this is simple question, but would like to get help in configuring casbin to support this scenario
We want to implement RBAC with domains as we support access to multiple products / features in one user account
We want the role -> permission data in a config file. eg: table_reader(role) has read access to table X. Our code in different parts will check if the user's role is eligible for accessing that feature.
We want the user -> role data stored in database as we want to provision new users and customers using our web app.
As I understand it, #2 and #3 data is clubbed together in casbin. Would like some examples on how we can separate them.
The text was updated successfully, but these errors were encountered:
Hi @pchakravarthy , given that you want to store the g policy rules (user -> role) in DB, it's easier to use an existing DB adapter to do it. So there are only g rules in your DB.
For handling the p rules (role -> permission), there can be more ways. I can think of two solutions at least:
Read the config file in your own way, then call Management API to dynamically load the rules into an enforcer.
Use another adapter (so you are using an adapter for g and another adapter for p), can be built-in File Adapter, JSON Adapter, or String Adapter (https://casbin.org/docs/en/adapters). Init a temporary enforcer with this adapter, then get the policy rules from this temporary enforcer and add them to your own enforcer. This way reuses the adapter mechanism, but maybe need more policy copy.
Another 3rd way would be defining a role manager to handle the g policy rules totally on your own: https://casbin.org/docs/en/role-managers So you let Casbin handle the p rules with the built-in file adapter and you handle the g rules with your own defined role manager (like reading DB).
I really like the casbin library. I am trying to figure out how the following can be acheived. May be this is simple question, but would like to get help in configuring casbin to support this scenario
As I understand it, #2 and #3 data is clubbed together in casbin. Would like some examples on how we can separate them.
The text was updated successfully, but these errors were encountered: