This question pertains to OpenAPI 3.0.0
Have a need to specify Create, Read, Update and Delete permissions as pertains to models and properties.
To be specific, some of our permissions are defined on the models/properties and although there is a correlation with the controller method / operations, they are not the same.
This is for internal use to communicate to clients but would still like to know if a pattern exists.
Two options I have considered are:
- Add an
x-permissionsto each applicableComponents Objectand be done - Define User permissions in a
Security Scheme Objectand reference them from the appropriateSecurity Requirement Object
Specs to reference:
