add note about abac to auth docs (#3537)

2024-11-11 05:10:51 +03:00 · 2019-12-17 14:01:33 +05:30 · 2019-12-17 14:01:33 +05:30 · eeb0c7acdd
commit eeb0c7acdd
parent 6f3e88abb7
1 changed files with 6 additions and 2 deletions
--- a/docs/graphql/manual/auth/authorization/roles-variables.rst
+++ b/docs/graphql/manual/auth/authorization/roles-variables.rst
@ -34,8 +34,7 @@ Examples:
 Dynamic session variables
 -------------------------

-When you create a permission, or an access control rule, the permission rule itself needs access to some variables
-that are derived from the request itself. Let's refer to these as *session variables*.
+Permission rules can also refer to *session variables*. Session variables are key-value pairs returned from the authentication service for each request.

 For example: If a user makes a request, the session token maps to a ``user-id``. This ``user-id`` can be used in
 a permission to show that inserts into a table are only allowed if the ``user_id`` column has a value equal to that
@ -84,6 +83,11 @@ Examples:
            }
          }

+.. admonition:: ABAC
+
+  Session variables are analogous to *attributes* in a typical `attribute-based access control <https://en.wikipedia.org/wiki/Attribute-based_access_control>`_ (ABAC) system.
+
+
 Modelling Roles in Hasura
 -------------------------