New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] RABC With Resource Roles not meet expectations #693
Comments
@closetool plz take a look. |
@yiranzai You got some thing wrong, |
@closetool I don't really understand. p, allen, deal_id_1, read
p, allen, deal_id_2, read ???
Because |
rbac_with_resource_roles_policy.csv In this scenario, my understanding is that |
@yiranzai your matcher is wrong, the g3 part should be: |
@hsluoyz emmm, stupid low-level mistake |
Want to prioritize this issue? Try:
What's your scenario? What do you want to achieve?
Hi, Team
p
Since the adapter does not supportp2
, I designed thep.type
to distinguish itg
represents the relationship between user and rolesg2
represents the relationship between resource entities and resourcesg3
represents the relationship between a user and a resource entityNow when
p.type = 'b'
, I want to ignore theg3
ruleWhen
p.type = 'a'
, I want to have to satisfy theg3
ruleNow I have two users,
allen
andbob
.bob
is theadmin
and he canread
all the deal information.There are now two deals with ID 1 and ID 2(refer to
g2
rule).allen
is thedeal.leader
in thedeal
with ID 1 (g3
).Since all the deal can be seen by the
deal.leader
(p
), he canread
thedeal
with ID 1.But now
allen
can read deal with ID 2. why ?Your model:
Your policy:
Your request(s):
The text was updated successfully, but these errors were encountered: