# Manage Authority & Access Control

Manage Authority & Access Control
- Allow a user to perform a certain operation on a certain resource
- Determine whether a user has a certain operation authority for a certain resource

Authing builds an authorization model based on PBAC (Policy Based Access Control), It can be combined with RBAC (Role Based Access Control) to achieve very flexible and refined access control. This module abstracts this model into two methods: allow and isAllowed.

# Allow a user to perform a certain operation on a certain resource

AclManagementClient().allow(userId, action, resource)

Allow a user to perform a certain operation on a certain resource

# Parameters

userId <string> user ID
action <string> operation name, it is recommended to use the format of <resourceType>:<actionName>, such as books:edit, books:list
resource <string> Resource name, must be in <resourceType>:<resourceId> format or *, such as *, books:123, books:*

# Example

# Allow a user to operate a role
management_client.acl.allow(
    resource='books:123',
    action='books:edit',
    userId='USERID'
)

# Allow a role to operate a role
management_client.acl.allow(
    resource='books:*',
    action='books:edit',
    role='ROLE'
)

# Determine whether a user has a certain operation authority for a certain resource

AclManagementClient().is_allowed(userId, action, resource)

Determine whether a user has a certain operation authority for a certain resource

# Parameters

userId <string> User ID
action <string> operation name, it is recommended to use the format of <resourceType>:<actionName>, such as books:edit, books:list
resource <string> Resource name, must be in <resourceType>:<resourceId> format or *, such as *, books:123, books:*

# Example

is_allowed = management_client.acl.is_allowed(
    userId='USERID',
    resource='books:*',
    action='books:edit',
)

← Manage Strategy Manage custom field metadata →