You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Every Mondrian type can have a map of role -> permission
Example:
{Tenant: {ADMIN: true,//can do anythingMAINTAINER: {//can read and write but not deleteread: true,write: falsedelete: false}},User: {ADMIN: true//can do anythingMAINTAINER: {//can only read nameread: {name: true}}}}
Operation type
read, write or delete
Goal
Before calling a function we must understand if with the given input and context the client can perform the action:
(
client's roles,
types permissions,
this operation domain,
this operation types,
requested projection
) -> yes / no+reason
The text was updated successfully, but these errors were encountered:
Work in progress...
Specification for RBAC support
Terminology
Role
A role is just a tag. For example
ADMIN
. A client can have a set of roles attached to some specific domainsExample:
Domain
A domain is defined as a category to which an entity belongs.
Operation domain
The current operation domain.
Example:
Permission
A permission is a specification fo what some role can do
Every Mondrian type can have a map of
role -> permission
Example:
Operation type
read, write or delete
Goal
Before calling a function we must understand if with the given input and context the client can perform the action:
The text was updated successfully, but these errors were encountered: