I am quite a new programmer and I need your help. I need to combine RBAC with ABAC. For the application requirements, imagine that we have some endpoints that some users with a specific role have access to (imagine only the admin can POST an action for an Item). I need to add some granularity for the items that belong to groups. So items inherit all permissions from the parent group (recursively). The priority is permissions -> group permissions -> global permissions. Also, for my model I need every user to have access only to his dashboard page api/v1/:id. For example, user1 has access to api/v1/1 but not to api/v1/2. Is that possible? Would appreciate your suggestions.
My current implementation has 2 models (Node.js implementation):
# Model 1: RBAC, roles resolved through g, path and action matched by pattern
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && regexMatch(r.act, p.act)

# Model 2: ABAC, each policy line carries a rule that eval() evaluates against the request
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub_rule, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act
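
The resolution order described in the question (item permissions, then group permissions, then global permissions) together with the owner-only dashboard restriction, as an added plain-JavaScript illustration. It is not the poster's code and does not use Casbin; every name, rule and data value below is constructed for the example.

```javascript
// Constructed sample hierarchy: item -> parent group -> ... (null = no parent).
const parents = new Map([
  ['item42', 'groupB'], ['groupB', 'groupA'], ['groupA', null],
  ['item9', 'groupA'], ['item7', null],
]);

// Explicit rules keyed "role|node|action". A node is an item or a group; '*' is global.
const rules = new Map([
  ['editor|*|read', 'allow'],        // global default
  ['editor|groupA|write', 'allow'],  // group grant, inherited by all descendants
  ['editor|item42|write', 'deny'],   // item rule takes priority over its groups
  ['admin|*|read', 'allow'],
  ['admin|*|write', 'allow'],
]);

// Walk item -> parent group(s) -> global; the first explicit decision wins.
function resolve(role, node, action) {
  const seen = new Set();
  for (let n = node; n != null; n = parents.get(n)) {
    if (seen.has(n)) break;          // guard against a cyclic group graph
    seen.add(n);
    const hit = rules.get(`${role}|${n}|${action}`);
    if (hit) return hit === 'allow';
  }
  // Nothing on the item or its groups: fall back to global, deny by default.
  return rules.get(`${role}|*|${action}`) === 'allow';
}

// Attribute check: /api/v1/:id is reachable only when :id equals the caller's id.
function canOpenDashboard(user, path) {
  const m = /^\/api\/v1\/(\d+)$/.exec(path);
  return m !== null && m[1] === String(user.id);
}

// Combined decision. With several roles, one allowing role is enough (a design choice).
function authorize(user, request) {
  if (request.path) return canOpenDashboard(user, request.path);
  return user.roles.some((role) => resolve(role, request.node, request.action));
}
```

The identity passed to `authorize` must come from the authenticated session, never from the request path or body, otherwise the dashboard check compares the caller against a value the caller controls.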