# Manage Authority & Access Control
Authing builds its authorization model on PBAC (Policy Based Access Control), which can be combined with RBAC (Role Based Access Control) to achieve flexible, fine-grained access control. This module abstracts the model into two methods: `allow` and `isAllowed`.
Please use the module in the following way instead of initializing the module directly:
```javascript
import { ManagementClient } from "authing-js-sdk"

const managementClient = new ManagementClient({
  userPoolId: "YOUR_USERPOOL_ID",
  secret: "YOUR_USERPOOL_SECRET",
})

managementClient.acl.allow // Allow a user to perform a certain operation on a certain resource
managementClient.acl.isAllowed // Determine whether a user has a certain operation permission on a certain resource
```
# Allow a user to perform a certain operation on a certain resource
`AclManagementClient().allow(userId, action, resource)`

Allow a user to perform a certain operation on a certain resource.
# Parameters
- `userId` `<string>` User ID
- `action` `<string>` Operation name. The recommended format is `<resourceType>:<actionName>`, such as `books:edit`, `books:list`
- `resource` `<string>` Resource name. Must be in `<resourceType>:<resourceId>` format or `*`, such as `*`, `books:123`, `books:*`
# Example
```javascript
// Both methods return Promises, so each call is awaited.
// The calls below pass (userId, resource, action).
await managementClient.acl.allow('USERID1','books:123','books:read')
await managementClient.acl.isAllowed('USERID1','books:123','books:read') // true
await managementClient.acl.isAllowed('USERID1','books:123','books:edit') // false

await managementClient.acl.allow('USERID2','books:*','books:*')
await managementClient.acl.isAllowed('USERID2','books:123','books:read') // true
await managementClient.acl.isAllowed('USERID2','books:124','books:edit') // true
```
# Return value
`Promise<CommonMessage>`
# Determine whether a user has a certain operation authority for a certain resource
`AclManagementClient().isAllowed(userId, action, resource)`

Determine whether a user has a certain operation authority for a certain resource.
# Parameters
- `userId` `<string>` User ID
- `action` `<string>` Operation name. The recommended format is `<resourceType>:<actionName>`, such as `books:edit`, `books:list`
- `resource` `<string>` Resource name. Must be in `<resourceType>:<resourceId>` format or `*`, such as `*`, `books:123`, `books:*`
# Example
```javascript
// isAllowed returns a Promise<boolean>; await it before using the result.
await managementClient.acl.isAllowed('USERID','books:*','books:edit')
```
# Return value
`Promise<boolean>` Whether the user has the operation authority.
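
The following is an added example, not code from the Authing SDK or its documentation. Because `isAllowed` returns `Promise<boolean>`, a check that forgets `await` is always truthy, and a wrapper around it should deny when the call fails. `makeStubClient`, `naiveCheck`, `checkAccess` and the stub's wildcard matching are assumptions made for illustration; arguments follow the order used in the page's examples (userId, resource, action).

```javascript
// Constructed stand-in for managementClient (not the real SDK). It mimics only the
// Promise<boolean> return type and the wildcard grants shown in the page's examples.
function makeStubClient(grants, failing = false) {
  const match = (pattern, value) =>
    pattern === '*' || pattern === value ||
    (pattern.endsWith(':*') && value.startsWith(pattern.slice(0, -1)));
  return { acl: {
    async isAllowed(userId, resource, action) {
      if (failing) throw new Error('simulated outage');
      return grants.some(g => g.userId === userId &&
        match(g.resource, resource) && match(g.action, action));
    },
  } };
}

// Pitfall: isAllowed returns a Promise, and a Promise object is always truthy,
// so without `await` this check passes even when the answer is "denied".
function naiveCheck(client, userId, resource, action) {
  return client.acl.isAllowed(userId, resource, action) ? true : false;
}

// Fail-closed check: only a resolved, strict `true` grants access. A rejected
// call (timeout, bad secret, outage) or any other value is treated as deny.
async function checkAccess(client, userId, resource, action) {
  try {
    return (await client.acl.isAllowed(userId, resource, action)) === true;
  } catch {
    return false;
  }
}

// Grants copied from the page's examples.
const GRANTS = [
  { userId: 'USERID1', resource: 'books:123', action: 'books:read' },
  { userId: 'USERID2', resource: 'books:*', action: 'books:*' },
];

async function demo() {
  const ok = makeStubClient(GRANTS), down = makeStubClient(GRANTS, true);
  return {
    naive: naiveCheck(ok, 'USERID1', 'books:123', 'books:edit'),
    read: await checkAccess(ok, 'USERID1', 'books:123', 'books:read'),
    edit: await checkAccess(ok, 'USERID1', 'books:123', 'books:edit'),
    wildcard: await checkAccess(ok, 'USERID2', 'books:124', 'books:edit'),
    outage: await checkAccess(down, 'USERID2', 'books:124', 'books:edit'),
  };
}

demo().then(r => console.log(r));
```

In real use, pass the `managementClient` from the initialization snippet to `checkAccess` in place of the stub.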