Questions tagged [role-based-access-control]

155 questions
24 votes, 1 answer

OAuth-2.0/JWT - guidance about when to use scope vs roles

One thing related to OAuth 2.0 and JWTs that's still a bit confusing is when to use scopes vs. roles. I think some of the confusion is coming from how role-based authorization works in ASP.NET Core (which is the primary language/framework at my…
Ryan.Bartsch
23 votes, 6 answers

How to implement Role based restrictions/permissions in react redux app?

I have a React-Redux-KoaJs application with multiple components. I have a few user roles as well. Now I want to display a few buttons, tables and div to only specific roles and hide those from others. Please remember I don't want to hide the whole…
17 votes, 1 answer

Django rest framework group based permissions for individual views

I am using DRF for writing APIs. I would like to give different permissions for each view in my Modelviewsets. I have two groups (customers and staff). I have filtered them as Isstaff and Iscustomer in permissions.py. class…
16 votes, 1 answer

Hierarchical role/permissions based access

I want to build a Hierarchical Role Base access control. This is my current schema: Currently I have two options to build this system: Attach all required permission to a role (not-hierarchical) Attach only special "level" permissions and…
Cristian
14 votes, 3 answers

Dynamic authorization of roles asp.net core

This is not a duplicate question or rather the solutions given in other solutions have not worked. Let's say there is a controller [Authorize(Roles=//set dynamically)] public IActionResult DashBoard(LoginModel model) { } I have tried the solutions…
8 votes, 0 answers

Dynamic generation of RBAC roles and permissions

I’m looking for a methodology for generating new RBAC roles on demand. I am developing a RBAC system that will have two primary parameters. Rather than simply having a user associated with a role, and that role associated with a group of…
jcropp
7 votes, 1 answer

GraphQL - How to distinguish Public from Private fields?

Context I have a GraphQL API and a NodeJS & Angular application with a MongoDB database that holds users. For each user, there is a public page with public information like id and username. When a user is logged in, there is a private profile page…
Nicky
7 votes, 1 answer

angular 2 subscribe value change not reflecting on html

This is quite confusing to me. I might not have a solid understanding of how subscription works. Angular 2 finalized version Goal: Hide/Show navigation menu based on roles Approach: I use Facebook to authenticate users. After authentication, user…
7 votes, 1 answer

How to handle role based authorization in AngularJS?

I am creating a web app which will satisfy two requirements for the users. Note: I am new to AngularJS as a web development platform. Front-end - 1: It's a search functionality where users can search for specific documents and studies based on…
6 votes, 2 answers

In Angular -> how to check if the user has permission using role-based access with the role save in the data base

I'm trying to make a role-based access for my app in Angular, and I need some help because I'm a newbie in Angular ... First this is what I have in the route where I establish which roles can access it... from app-routing.module.ts { path:…
6 votes, 1 answer

Entity-level access control in a hierarchical data scheme

I have a requirement for entity-level authorization that's frankly over my head. I'm hoping to get some guidance on this permission structure, how I might implement it in .NET 4.5, and if there are ways I could improve it. Here it goes: I have a…
5 votes, 1 answer

Azure Cosmos DB read data using role based access control

I have a CosmosDB in Azure, I want to give a user access to read the data inside various collections. I tried giving them the 'Reader'-role, it let them see that there existed a CosmosDB, and they could see some meta data. But they were unable to…
Alexolo
5 votes, 2 answers

Yii Framework 2.0 Role Based Access Control RBAC

Learning Yii Framework 2.0 I have tried to use Role Based Access Control from the documentation of Yii 2.0. But the guide documentation is too short to me that I cannot complete this learning. I have added the following code to my config…
O Connor
4 votes, 2 answers

generate role-based claims for aws cognito id token

Authenticate with AWS Cognito, I can get ID token including cognito:groups { admin, user}. From ASPNetCore Webapi, I can authorize using Policy (follows AWS tutorial…
4 votes, 1 answer

Keycloak authorization: Adding a Role to a domain object or an entity

I am new to the Keycloak framework and after writing my own solution painfully we are hoping to convert to KeyCloak. It seems to be a promising solution but unfortunately lacking self describing documentation. I have gone through the tutorials and…