mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-14 17:02:49 +03:00
add note about abac to auth docs (#3537)
This commit is contained in:
parent
6f3e88abb7
commit
eeb0c7acdd
@ -34,8 +34,7 @@ Examples:
|
||||
Dynamic session variables
|
||||
-------------------------
|
||||
|
||||
When you create a permission, or an access control rule, the permission rule itself needs access to some variables
|
||||
that are derived from the request itself. Let's refer to these as *session variables*.
|
||||
Permission rules can also refer to *session variables*. Session variables are key-value pairs returned from the authentication service for each request.
|
||||
|
||||
For example: If a user makes a request, the session token maps to a ``user-id``. This ``user-id`` can be used in
|
||||
a permission to show that inserts into a table are only allowed if the ``user_id`` column has a value equal to that
|
||||
@ -84,6 +83,11 @@ Examples:
|
||||
}
|
||||
}
|
||||
|
||||
.. admonition:: ABAC
|
||||
|
||||
Session variables are analogous to *attributes* in a typical `attribute-based access control <https://en.wikipedia.org/wiki/Attribute-based_access_control>`_ (ABAC) system.
|
||||
|
||||
|
||||
Modelling Roles in Hasura
|
||||
-------------------------
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user