You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I created a new organization with some apps. However, I found that I can't create a rule for "app-built-in".
And when I changed the Casbin model to this, all users had all app's permissions.
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
g2 = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act
I hope this system can achieve that users can only log in to "app-built-in" unless explicitly authorized for a specific application.
The text was updated successfully, but these errors were encountered:
@zzzz0317users can only log in to "app-built-in" unless explicitly authorized for a specific application. is a wrong concept. This cannot be done. All users for the built-in org (and the app-built-in app) are global admins. Their permissions cannot be restricted by Casbin permission.
@hsluoyz My point is that users in the built-in organization are all high-privileged administrators. For users from other organizations, by default, they are only allowed to log in to a few specific applications. If they don't have administrator authorization, a specific role, or are not part of a specific group, they cannot log in to other applications.
I created a new organization with some apps. However, I found that I can't create a rule for "app-built-in".
And when I changed the Casbin model to this, all users had all app's permissions.
I hope this system can achieve that users can only log in to "app-built-in" unless explicitly authorized for a specific application.
The text was updated successfully, but these errors were encountered: