search

Access Control For Tenants

Once you have proper roles and role resolvers added into your project the next step comes to setup proper access controls (ACL)arrow-up-right for REST apis.

You can setup the correct ACL for each built-in method or remote methodsarrow-up-right through javascript (<model>.js files) or you can add ACL rules in <model>.json file.

hashtag
Example

For example, lets setup some ACL rules in organization model for a custom method names addProductsInBulk through organization.json file

...
"acls": [
        {
            "accessType": "EXECUTE",
            "principalType": "ROLE",
            "principalId": "adminForOrg",
            "permission": "ALLOW",
            "property": "addProductsInBulk"
        },
        {
            "accessType": "EXECUTE",
            "principalType": "ROLE",
            "principalId": "userForOrg",
            "permission": "ALLOW",
            "property": "addProductsInBulk"
        },
    ]
...
PreviousRole ResolversNextBetter Programming with multi-tenancy

Last updated