Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Pure permission groups assignable for specific domains/groups/tenants
See original GitHub issueHi there,
I’m looking for a way to create groups with non specific permissions. e.g. Admin -> * -> write and the ability to assign these groups to specific domains.
How would I go about this?
https://github.com/casbin/node-casbin/blob/master/examples/rbac_with_domains_policy.csv This example is creating a group for every domain, I would like to each group only once and control the domain access when the group assigned to users. e.g.
p, group_admin, subject_blog, permission_read
g, user_a, group_admin, domain_7
Is this possible?
Issue Analytics
- State:
- Created 4 years ago
- Comments:13 (7 by maintainers)
Top Results From Across the Web
Group management permissions for Azure AD custom roles
Create Microsoft 365 groups of assigned membership type, excluding role-assignable groups. Creator is added as the first owner. microsoft.
Read more >Assign roles to a group - Genesys Cloud Resource Center
Authorization > Role > View. Administrators can use a group's Roles tab to grant a role to all members of a group and...
Read more >Role-Based Access Control (RBAC) with the Remote Plugin
How To Assign Role-Based Permissions to a Pure Storage FlashArray. The permission assignment process shown in the previous section must also be ...
Read more >Role-assignable group (Security/Office 365 Group) - Medium
A role-assignable group is a special type of group created from Azure Active Directory that has 'isAssignableToRole' property set to True ...
Read more >Manage permissions at scale with permission groups
With permission groups, you can assign multiple users sets of permissions in a single step, based on membership in a specific group,...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@slind14 @hsluoyz @nodece
Can you explain why this isn’t supported?
I created this model file and it seems to work fine.
============================================================
============================================
domain is assigned in the group and not in the policy.
Enforcement works with this model.
@hsluoyz
This is just an initial commit. Wanted to get some feedback on my implementation. Its not optimized for large data sets yet.
Basically, I’ve added a new ptype, d, which is domain_groups.
https://github.com/dwang7/pycasbin/blob/master/examples/rbac_with_domain_groups_model.conf https://github.com/dwang7/pycasbin/blob/master/examples/rbac_with_domain_groups_policy.csv
When you add to the roles, g, you can specify the domain_group instead of the domain.
g, bob, read_role, beverages
d, pepsi, beverages d, coke, beverages d, sprite, beverages