Background
A lightweight RBAC layer is needed to protect resources while keeping the permission logic straightforward, using Casbin (available via the FOCA archetype).
Permission
| Action | Authenticated User | Manager | Owner |
| --- | --- | --- | --- |
| Read any resource | ✅ | ✅ | ✅ |
| Create a resource | ✅ | ✅ | ✅ |
| Update a resource | ❌ | ✅ | ✅ |
| Delete a resource | ❌ | ❌ | ✅ |
| Set permissions on a resource | ❌ | ❌ | ✅ |
Suggested Implementation Steps
- Implement the permissions above as a Casbin model (in an access_control.conf file) together with the matching policy rules.
- Automatically assign the creator as Owner on POST/CREATE operations.
- Create endpoints that allow Owners to assign or revoke the Manager or Owner role for other users on resources they own.
- Add a guard in the role-removal and resource-deletion endpoints.
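As an added example (not code from the project or from FOCA), the Python below expresses the table as a Casbin model and policy and wires the steps above into a small service. `ResourceRbac` is a stand-in for `casbin.Enforcer` that evaluates this model's matcher, so the snippet runs without pycasbin installed; the same `ACCESS_CONTROL_CONF` and `POLICY_CSV` text saved to files is what one would load with `casbin.Enforcer("access_control.conf", "policy.csv")`. The last-owner guard, the clean-up of grants on delete, and every identifier and user/resource name here are assumptions for illustration.

```python
"""Resource-scoped RBAC for the permission table (added example, not project code).

ACCESS_CONTROL_CONF / POLICY_CSV are the texts that would go into the Casbin model
and policy files. ResourceRbac stands in for casbin.Enforcer and evaluates exactly
this model's matcher; ResourceService shows the endpoint-side rules.
"""
import csv
import io
from collections import defaultdict

ACCESS_CONTROL_CONF = """\
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, act

[role_definition]
g = _, _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (p.sub == "*" || g(r.sub, p.sub, r.obj)) && r.act == p.act
"""

# One "p" line per checkmark in the table. "*" stands for any authenticated user:
# the enforcer is assumed to be consulted only after authentication succeeded.
POLICY_CSV = """\
p, *, read
p, *, create
p, manager, update
p, owner, update
p, owner, delete
p, owner, set_permissions
"""

ASSIGNABLE_ROLES = ("manager", "owner")


class ResourceRbac:
    """Minimal enforcer for the model above. Roles are scoped per resource:
    Casbin's third "g" parameter (the domain) is the resource id."""

    def __init__(self, policy_csv):
        self.policies = set()
        for row in csv.reader(io.StringIO(policy_csv), skipinitialspace=True):
            if row and row[0] == "p":
                self.policies.add((row[1], row[2]))
        # g, user, role, resource  ->  grants[(user, resource)] == {role, ...}
        self.grants = defaultdict(set)

    def has_role(self, user, role, resource):
        return role in self.grants[(user, resource)]

    def add_role(self, user, role, resource):
        self.grants[(user, resource)].add(role)

    def remove_role(self, user, role, resource):
        self.grants[(user, resource)].discard(role)

    def users_with_role(self, role, resource):
        return {u for (u, r), roles in self.grants.items()
                if r == resource and role in roles}

    def enforce(self, sub, obj, act):
        # Casbin evaluates the matcher against every p rule; any match allows.
        return any((p_sub == "*" or self.has_role(sub, p_sub, obj)) and act == p_act
                   for p_sub, p_act in self.policies)


class ResourceService:
    """Endpoint-side logic from the implementation steps (assumed names)."""

    def __init__(self, rbac):
        self.rbac = rbac
        self.resources = set()

    def _check(self, actor, resource, act):
        if not self.rbac.enforce(actor, resource, act):
            raise PermissionError(f"{actor} may not {act} {resource}")

    def create_resource(self, actor, resource):
        self._check(actor, resource, "create")
        self.resources.add(resource)
        self.rbac.add_role(actor, "owner", resource)  # creator becomes Owner

    def assign_role(self, actor, target, role, resource):
        self._check(actor, resource, "set_permissions")
        if role not in ASSIGNABLE_ROLES:
            raise ValueError(f"unknown role {role!r}")
        self.rbac.add_role(target, role, resource)

    def revoke_role(self, actor, target, role, resource):
        self._check(actor, resource, "set_permissions")
        # Assumed guard: never leave a resource without any Owner.
        if role == "owner" and self.rbac.users_with_role("owner", resource) == {target}:
            raise ValueError(f"{target} is the last owner of {resource}")
        self.rbac.remove_role(target, role, resource)

    def delete_resource(self, actor, resource):
        self._check(actor, resource, "delete")
        self.resources.discard(resource)
        # Assumed guard: drop stale grants so they cannot attach to a re-created id.
        for key in [k for k in self.rbac.grants if k[1] == resource]:
            del self.rbac.grants[key]
```

Because the role binding carries the resource id as its domain, a Manager grant on one resource says nothing about any other resource, and `enforce` for Read and Create succeeds for any authenticated subject without a grant, which is what the first two table rows require.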