Questions tagged [role-based-access-control]
113 questions
12
votes
1 answer
Django rest framework group based permissions for individual views
I am using DRF for writing API's. I would like to give different permissions for each view in my Modelviewsets. I have two groups(customers and staff). I have filtered them as Isstaff and Iscustomer in permissions.py.
class…
![](../../users/profiles/8113126.webp)
jaisimha ramanujapura
- 183
- 1
- 9
10
votes
5 answers
How to implement Role based restrictions/permissions in react redux app?
I have a React-Redux-KoaJs application with multiple components. I have few user roles as well. Now i want to display few buttons, tables and div to only specific roles and hide those from others. Please remember i dont want to hide the whole…
![](../../users/profiles/10949001.webp)
Harshit Agarwal
- 1,349
- 2
- 12
- 19
10
votes
1 answer
Hierarchical role/permissions based access
I want to build a Hierarchical Role Base access control.
This is my current schema:
Currently I have two options to build this system:
Attach all required permission to a role (not-hierarchical)
Attach only special "level" permissions and…
![](../../users/profiles/1204180.webp)
Cristian
- 1,919
- 3
- 21
- 33
9
votes
3 answers
Dynamic authorization of roles asp.net core
This is not a duplicate question or rather the solutions given in other solutions have not worked.
Lets say there is a controller
[Authorize(Roles=//set dynamically)]
public IActionResult DashBoard(LoginModel model)
{
}
I have tried the solutions…
![](../../users/profiles/1322204.webp)
Sujit.Warrier
- 2,337
- 2
- 25
- 38
7
votes
1 answer
angular 2 subscribe value change not reflecting on html
This is quite confusing to me. I might not have a solid understanding of how subscription works.
Angular 2 finalized version
Goal: Hide/Show navigation menu based on roles
Approach: I use Facebook to authenticate users. After authentication, user…
![](../../users/profiles/6868286.webp)
Chuck
- 209
- 1
- 4
- 11
7
votes
1 answer
How to handle role based authorization in AngularJS?
I am creating a web app which will satisfy two requirements for the users. Note: I am new to AngularJS as a web development platform.
Front-end - 1: Its a search functionality where users can search for specific documents and studies based on…
![](../../users/profiles/4557038.webp)
CalmWinds
- 157
- 1
- 3
- 12
7
votes
0 answers
Dynamic generation of RBAC roles and permissions
I’m looking for a methodology for generating new RBAC roles on demand. I am developing a RBAC system that will have two primary parameters. Rather than simply having a user associated with a role, and that role associated with a group of…
![](../../users/profiles/3185763.webp)
jcropp
- 1,118
- 8
- 24
6
votes
1 answer
GraphQL - How to distinguish Public from Private fields?
Context
I have a GraphQL API and a NodeJS & Angular application with a MongoDB database that holds users. For each user, there is a public page with public information like id and username. When a user is logged in, there is a private profile page…
![](../../users/profiles/3930694.webp)
Nicky
- 2,826
- 2
- 25
- 54
6
votes
1 answer
Entity-level access control in a hierarchical data scheme
I have a requirement for entity-level authorization that's frankly over my head. I'm hoping to get some guidance on this permission structure, how I might implement it in .NET 4.5, and if there are ways I could improve it.
Here it goes:
I have a…
![](../../users/profiles/881011.webp)
jungos
- 466
- 4
- 20
5
votes
1 answer
OAuth-2.0/JWT - guidance about when to use scope vs roles
I'm quite well versed with most things related to OAuth 2.0 and JWTs, but one thing that's still a bit confusing is if/when to use scopes vs. roles.
I think some of the confusion is coming from how role-based authorization works in ASP.NET Core…
![](../../users/profiles/824434.webp)
Ryan.Bartsch
- 1,550
- 11
- 29
5
votes
2 answers
Yii Framework 2.0 Role Based Access Control RBAC
Learning Yii Framework 2.0 I have tried to use Role Bases Access Control from the documentation of Yii 2.0. But the guide documentation is too short to me that I cannot complete this learning. I have added the following code to my config…
![](../../users/profiles/1739821.webp)
O Connor
- 3,676
- 12
- 38
- 75
4
votes
2 answers
Keycloak: authZ with nodeJS
I am trying to secure a REST API using keycloak authorization mechanisms.
My API is in NodeJS with express.
Say I have this API:
http://www.example.com/api/v1/houses
The endpoint supports GET/POST/PUT/DELETE.
A house has a name and an owner:
{
…
![](../../users/profiles/533919.webp)
cdupont
- 774
- 3
- 14
3
votes
0 answers
MERN stack MongoDB Permission and Access Level Setup
I am creating a MERN Stack application. I am very confused about access permission to keys in my mongoDb schemas. I came from Firebase which allowed you to set up node level read/write access controls in the Firebase rules.
Below is an example I…
![](../../users/profiles/7706052.webp)
Michael
- 127
- 10
3
votes
2 answers
generate role-based claims for aws cognito id token
Authenticate with AWS Cognito, I can get ID token including cognito:groups { admin, user}.
From ASPNetCore Webapi, I can authorize using Policy (folows AWS tutorial…
![](../../users/profiles/5031337.webp)
beewest
- 3,068
- 4
- 20
- 43
3
votes
1 answer
Adding Role Based Redirection Upon Login to React App
So I have an app that currently works fine on login, just takes you to the basic app. I created a new page called AdminDashboard.js, and added a new part to the json called "Admin" which is set to 1 for admin users and 0 for everyone else. I don't…
![](../../users/profiles/11706035.webp)
Mariana Gomez-Kusnecov
- 265
- 1
- 3
- 15