Ability to get all policies for given subjects

Question

Ability to get all policies for given subjects

F21 opened this issue 7 years ago · 2 comments

I want to use ladon to perform authorization for an app developed as a set of microservices.

I will have an Authorization service which allows administrators to configure access policies for each user. However, I want to be able to check whether the user is allowed to perform a certain action on a certain resource within each service. In my case, I want to be able to get the policies for a subject or subjects in my API gateway and then encode them into JSON and pass them along with the requests to other services.

It would be nice if the manager contains a method where we can look up all the policies for a given subject.

Another use-case is if we want to use ladon to implement RBAC. We would have a subject called role:some-role, for example. We also want to provide an interface where administrators can edit all the permissions for a given role. In this use-case, it'd be really helpful if we could ask the manager to give us all the policies where subject equals role:some-role.

Answer 1 · 2017-08-01T14:34:17.000Z

It should be fairly easy to embed the existing manager into your own logic which encapsulates what you ask. I want to keep the logic in ladon lean and focused on what's necessary for the policy logic to work.

…

Am 01.08.2017 um 13:34 schrieb Francis Chuang ***@***.***>: I want to use ladon to perform authorization for an app developed as a set of microservices. I will have an Authorization service which allows administrators to configure access policies for each user. However, I want to be able to check whether the user is allowed to perform a certain action on a certain resource within each service. In my case, I want to be able to get the policies for a subject or subjects in my API gateway and then encode them into JSON and pass them along with the requests to other services. It would be nice if the manager contains a method where we can look up all the policies for a given subject. Another use-case is if we want to use ladon to implement RBAC. We would have a subject called rbac:some-role, for example. We also want to provide an interface where administrators can edit all the permissions for a given role. In this use-case, it'd be really helpful if we could ask the manager to give us all the policies where subject equals rbac:some-role. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

Answer 2 · 2017-08-01T23:11:21.000Z

Good point! 👍