I have a simple REST application written in golang where I have 2 entities, orders and users, and I am trying to solve the authorization part using Casbin. I have very little experience in writing this kind of authorization, so I will try to be as clear as possible.
Explanation: An admin can assign users to work on specific orders. Any number of users (2, 4, 5...) can be assigned to work on one order, but they can all have different permissions: one can have full write, one partial write, while the last two can have only read, for example. These permissions can be revoked or assigned to new users at any time.
For policy storage, I plan to use pg adapter. What would be the most elegant way to handle this kind of authorization per "object/order"? From the documentation, I think what I need is ABAC control, as I understand it's attribute-based and used for fine-grained authorization, but what I don't understand is how this would be affected if the database gets large, as I would need to write a lot of policies for each object (order). Is this approach fine or am I missing something?
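The per-order assignments described in the question, as an added example that is not part of the original post and is not Casbin's API: a standard-library Go model that keeps one rule per (user, order) pair, in the shape of a Casbin `p, sub, obj, act` policy line. The `Store` type, the level names, and the sample users and order ids are assumptions made for illustration.

```go
package main

import "fmt"

// Level is ordered: a higher level includes every lower one.
type Level int

const (
	None Level = iota
	Read
	PartialWrite
	FullWrite
)

// grantKey is the (sub, obj) part of a rule; the Level plays the role of act.
type grantKey struct{ User, Order string }

// Store is a hypothetical in-memory policy set, one rule per assignment.
type Store struct{ grants map[grantKey]Level }

func NewStore() *Store { return &Store{grants: make(map[grantKey]Level)} }

// Assign sets or replaces a user's level on one order (the admin action).
func (s *Store) Assign(user, order string, l Level) { s.grants[grantKey{user, order}] = l }

// Revoke deletes the user's rule for that order only.
func (s *Store) Revoke(user, order string) { delete(s.grants, grantKey{user, order}) }

// Enforce is deny-by-default: a missing rule reads as None and matches nothing.
func (s *Store) Enforce(user, order string, need Level) bool {
	return need > None && s.grants[grantKey{user, order}] >= need
}

// RuleCount grows with the number of assignments, not users times orders.
func (s *Store) RuleCount() int { return len(s.grants) }

// demo builds constructed sample data: four users assigned to order:42.
func demo() *Store {
	s := NewStore()
	s.Assign("alice", "order:42", FullWrite)
	s.Assign("bob", "order:42", PartialWrite)
	s.Assign("carol", "order:42", Read)
	s.Assign("dave", "order:42", Read)
	s.Revoke("dave", "order:42") // access withdrawn later
	return s
}

func main() {
	s := demo()
	fmt.Println(s.Enforce("bob", "order:42", Read), s.Enforce("bob", "order:42", FullWrite), s.RuleCount())
}
```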