Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

building ABAC policies via custom UI interface #77

Closed
mjugger opened this issue Jul 4, 2019 · 5 comments
Closed

building ABAC policies via custom UI interface #77

mjugger opened this issue Jul 4, 2019 · 5 comments
Assignees
@hsluoyz
Labels
question Further information is requested

Comments

@mjugger
Copy link

mjugger commented Jul 4, 2019

I'm trying to create an app where end users can create ABAC policies for resources in my app via a custom UI. In a nutshell, all attributes would be predefined by me for use in the app and the user would go to the custom UI and select attributes based on the subject, action, resource, and time.
Can Casbin support such a system? I've been digging into Casbin trying to fully grasp how to use it with ABAC and I feel like the static models would hinder such an endeavor since (from my understanding) the static model contains the actual logic and seem to be using dot notation to access the attributes on the argument objects.
@hsluoyz
Copy link
Member

hsluoyz commented Jul 5, 2019

Hi @mjugger , the model can be dynamic too. It can be loaded from code or string instead of .CONF file. See: https://casbin.org/docs/en/model-storage

@hsluoyz hsluoyz self-assigned this Jul 5, 2019
@hsluoyz hsluoyz added the question Further information is requested label Jul 5, 2019
@mjugger
Copy link
Author

mjugger commented Jul 5, 2019
edited
Loading

Ah I see. Thanks for the response.
So there is one other thing that this situation brings up and that is: writing policies via a custom UI.

Please bare with me because my understanding of casbin is not great so I'm not sure if I can articulate this well but here I go.

So in my scenario I plan to create an ABAC rule builder that will utilize ABAC subject, object, action, and environment (for now that will be time but can change) and will allow the end user to attach attributes to subject and object with computational and logical operators.
My app will have 1000s (or 100s of 1000s) of users which is why I anticipate there being 1000s of policies.

Because my UI will allow the user to create these policies (in a user friendly no code way) I'm assuming that if I use casbin, my custom UI would need to build models for casbin to used that are attached to the users that created them.

So my question is:

  1. can casbin use models created in this way from a database (since they need to be bound to the user that created it) and if it can is it a good idea to do that?

@hsluoyz
Copy link
Member

hsluoyz commented Jul 6, 2019

So you want to have different models for different users, we have similar feature in the Casbin-Server project, which is in Golang though: https://github.com/casbin/casbin-server

For Casbin UI, we also have some demo-level Admin Portal projects: https://casbin.org/docs/en/admin-portal. But it seems that there's no ABAC attribute level editing UI.

@hsluoyz
Copy link
Member

hsluoyz commented Aug 24, 2019

@nodece , I think this is what I said about ABAC's GUI on Online editor this Monday.

@hsluoyz
Copy link
Member

hsluoyz commented Jul 3, 2020

This issue should be resolved at Casbin dashboard side: https://dashboard.casbin.org/

@hsluoyz hsluoyz closed this as completed Jul 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsluoyz hsluoyz

Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mjugger @hsluoyz