Authorization Configuration
Configure roles and rules through the Admin Panel or API.
Roles
Roles define permissions that can be assigned to users.
Default Roles
| Role | Description |
|---|---|
| admin | Full access to all resources |
| user | Basic access for authenticated users |
Creating Roles
- Go to Admin Panel > Authorization > Roles
- Click Create Role
- Define role name and permissions
- Save
Assigning Roles
Roles can be assigned to users through:
- Admin Panel user management
- Admin API programmatically
Caution: Deleting a role revokes access for all assigned users.
Rules
Rules define authorization logic for resources and actions.
Rule Components
| Component | Description |
|---|---|
| Resource | Resource type the rule applies to |
| Action | Operation being authorized (CRUD) |
| Role | Required role to perform action |
| Conditions | Optional granular conditions |
Rule Evaluation Order
- Check if user has required role
- Evaluate conditions (if any)
- Return allow or deny
Info: Requests without matching rules are denied by default.
Managing Rules
Via Admin Panel
- Navigate to Authorization > Rules
- Create, edit, or delete rules
- Set conditions as needed
Via API
```bash
# Create rule via Admin API
curl -X POST 'http://localhost:3030/authorization/rules' \
  -H 'masterkey: YOUR_MASTER_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "resource": "Posts",
    "action": "read",
    "role": "user"
  }'
```
Best Practices
- Principle of Least Privilege - Grant minimum required permissions
- Role Hierarchy - Use inheritance to simplify management
- Audit Rules - Regularly review authorization rules
- Test Rules - Verify rules work as expected before production