Skip to content

Better entitlement framework in V3 #10253

New issue
New issue
Open
Open
Better entitlement framework in V3#10253
Assignees
abhinav-hasura
Labels
a/authzIssues related to "authorization" and the policy engine after session claims are procesedc/v3-engineV3 Metadata and Enginev3
@manasag

Description

@manasag
manasag
opened on May 21, 2024

Currently, Hasura uses role based access control, where you define the entire set of permissions per-role. However, this doesn't scale well because:

It's not always possible to capture all possible states in the authorization system as separate roles.
It's not possible to reuse permissions (allowed fields, model predicate) across roles.
For complicated permissions, it's hard to verify the correctness of a model's permissions predicate at a glance.

RFC on the proposal can be followed here #10237

V2 Issues that can be addressed by this proposal:

Metadata

Metadata

Assignees

Labels

a/authzIssues related to "authorization" and the policy engine after session claims are procesedc/v3-engineV3 Metadata and Enginev3

Type

No type

Projects

V3

Status

Backlog

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions