I am investigating options to build a system to provide "Entity Access Control" across a microservices based architecture to restrict access to certain data based on the requesting user. A full Rol...

I have a project that I need ABAC implemented in. I've been searching the internet for information on how ABAC works specifically from a Nodejs standpoint. I have an understanding of the basic conc...

We are building a cloud based application, using C# as our main language and running on Microsoft Azure. One of the key pieces of the architecture is to have fine grained authorization rights imple...

I have a C# .net application which servers both company's internal users and external customers. I need to do fine-grained authorization like who accesses what resource. So I need something like re...

We have a medium sized business app and we use Spring Security roles and permissions (RBAC) heavily with a big kludge to turn roles on and off for certain instances plus rules hidden in SpEL within...

I have a SaaS service where multiple users can collaborate with each other. Till now users under the same subscription account could share the same database and view/edit/delete everything from eac...

I have a project that requires ABAC for access control for my projects resources. I've been looking at OPA and authzforce as options to implement ABAC and OPA looks like it might be less complicate...

I'm working on a PHP application, and I'd like to add access control to some of my objects. I didn't tag this question as PHP, as I feel this question is not language specific. Say I have a 'Servi...

I am studying about various types of access control models and came across to know that abac and rbac are the popular ones. I've a basic scenario for one of my project and I couldn't understand sh...

What I am trying to achieve Protect a resource in Keycloak with policy like: if (resource.status == 'draft') $evaluation.grant(); else $evaluation.deny(); Going by their official documents an...

Where does GKE log RBAC permission events? On Google Container Engine (GKE) clusters with kubernetes version v1.6 enable RBAC authorization per default. Apparently ABAC is enabled as fallback auth...

How have folks used an abac approach when running reports or even just selecting multiple records from a DB? For instance, if you have a policy that states: Doctors can only view patients in t...

I am developing REST API for the growing system. And in general Role/Claims Access Control work perfecly like this. [HttpGet] [Route("settings")] [Authorization(Type = AuthorizationType.Admin, Per...

for a proof of concept i want to store rights. I know there are different ways of access control (DAC, MAC, RBAC,..). My first idea was using a database, but I'm looking for some more etablished st...

I’m looking for an example or best practices for a RBAC system with two parameters. Rather than simply having a user associated with a role, and that role associated with a group of permissions; a ...