Azman on a resource level
https://stackoverflow.com/questions/8450142
-
12-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I have used Azman in a previous project and it works well when authorizing operations on a system-level
- authorize role X to perform operation Y.
- allow Managers to update_sales_orders
In a new project, I need to manage authorizations on a record level.
- authorize role X to perform operation Y on record #Z
- allow Managers to update_sales_order # 23
What is the best way of achieving this? If there is an authorization API that supports this I would be glad to hear about it. Otherwise, any suggestion is welcomed.
المحلول
AzMan has a feature called scopes that can accomplish what you are asking. A scope can be any piece of data. Here at work, for example, we have a branch scope. So, for a person assigned to a scope of 1234, that person can only perform the operations assigned to them on data belonging to branch 1234.
لا تنتمي إلى StackOverflow
