Better entitlement framework in V3 #10253
Assignees
Labels
a/authz
Issues related to "authorization" and the policy engine after session claims are procesed
c/v3-engine
V3 Metadata and Engine
v3
Comments
manasag
added
a/authz
|
Related GH Issue - #10310 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, Hasura uses role based access control, where you define the entire set of permissions per-role. However, this doesn't scale well because:
It's not always possible to capture all possible states in the authorization system as separate roles.
It's not possible to reuse permissions (allowed fields, model predicate) across roles.
For complicated permissions, it's hard to verify the correctness of a model's permissions predicate at a glance.
RFC on the proposal can be followed here #10237
V2 Issues that can be addressed by this proposal:
The text was updated successfully, but these errors were encountered: