# Manage Authority & Access Control

Authing builds an authorization model based on PBAC (Policy Based Access Control), It can be combined with RBAC (Role Based Access Control) to achieve very flexible and refined access control. This module abstracts this model into two methods: allow and isAllowed.

Please use the module in the following way instead of initializing the module directly:

import {ManagementClient} from "authing-js-sdk"
const managementClient = new ManagementClient({
   userPoolId: "YOUR_USERPOOL_ID",
   secret: "YOUR_USERPOOL_SECRET",
})
managementClient.acl.allow // Allow a user to perform a certain operation on a certain resource
managementClient.acl.isAllowed // Determine whether a user has a certain operation permission on a certain resource

# Allow a user to perform a certain operation on a certain resource

AclManagementClient().allow(userId, action, resource)

Allow a user to perform a certain operation on a certain resource

# Parameters

  • userId <string> user ID
  • action <string> operation name, it is recommended to use the format of <resourceType>:<actionName>, such as books:edit, books:list
  • resource <string> Resource name, must be in <resourceType>:<resourceId> format or *, such as *, books:123, books:*

# Example

managementClient.acl.allow('USERID1','books:123','books:read')
managementClient.acl.isAllowed('USERID1','books:123','books:read') // true
managementClient.acl.isAllowed('USERID1','books:123','books:edit') // false
managementClient.acl.allow('USERID2','books:*','books:*')
managementClient.acl.isAllowed('USERID2','books:123','books:read') // true
managementClient.acl.isAllowed('USERID2','books:124','books:edit') // true

# return value

  • Promise<CommonMessage>

# Determine whether a user has a certain operation authority for a certain resource

AclManagementClient().isAllowed(userId, action, resource)

Determine whether a user has a certain operation authority for a certain resource

# Parameters

  • userId <string> User ID
  • action <string> operation name, it is recommended to use the format of <resourceType>:<actionName>, such as books:edit, books:list
  • resource <string> Resource name, must be in <resourceType>:<resourceId> format or *, such as *, books:123, books:*

# Example

managementClient.acl.isAllowed('USERID','books:*','books:edit')

# return value

-Does Promise<boolean> have operation authority