Stack Overflow
Stack Overflow

Questions tagged [resource-based-authorization]

10 questions
3
votes
1 answer

AWS Secrets Manger - Always Error even when the policy is correct

I have the following resource policy for my AWS Secrets Manager { "Version" : "2012-10-17", "Statement" : [ { "Sid" : "policyForSomething", "Effect" : "Deny", "Condition": { "StringNotEquals": { …
ha9u63a7
  • 6,233
  • 16
  • 73
  • 108
2
votes
1 answer

secretsmanager:ResourceTag/environment doesn't work with *(star)

I am trying to narrow down access to secrets which has an "environment" key. But it doesn't allow me to do so. When using specific environment name like "secretsmanager:ResourceTag/environment": "development" it works. But a wildcard value isn't…
Rovshan Musayev
  • 144
  • 3
  • 15
2
votes
1 answer

Resource based (Imperative) authorization won't enter the handler

Scenario: I have an API with .net core 2.2 On top my controller I authorize access using IdentityServer4 with an Attribute Inside one of my endpoints I want to authorize access to a method only in some cases I implemented resource based…
rufiooo
  • 116
  • 8
1
vote
0 answers

Resource based authorization database schema

I have a fairly common database schema for authentication/authorization: User - Id - Username - Password Role - Id - Name RolePermission - RoleId - PermissionType UserRole - UserId - RoleId Up to there, no problems. Now I need to…
Alessandro
  • 3,666
  • 2
  • 28
  • 41
0
votes
0 answers

Where can I find a best practice example for implementing resource-based authorization in nodeJS or using an external service?

I'll be refactoring a large system with fairly complex business requirements that could also change in the future and we already have a type of resource-based auth that's poorly implemented. In essence, I need to have fine-grained control over user…
Supperhero
  • 911
  • 1
  • 7
  • 24
0
votes
1 answer

Error while creating resource based policy

Trying to create a resource-based policy and specifying a group as principal but it is failing, { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS":…
Amit Meena
  • 2,884
  • 2
  • 21
  • 33
0
votes
0 answers

SPA - Manage authorization based on resources and roles

I'm developing a Single Page Application using ReactJS + .Net Core 5 which has several fine-grained authorization checks. So, in my application there are users, roles and userroles to link these two information. Then, I have a Permissions table and…
MFF
  • 137
  • 8
0
votes
2 answers

AWS Secret Manager - Grants Everyone access when only a specific list of principals were set

I can see that there is a policy evaluation rule for Secrets Manager here. https://docs.aws.amazon.com/secretsmanager/latest/userguide/determine-acccess_understanding-policy-evaluation.html I have a policy attached to the secrets manager resource as…
ha9u63a7
  • 6,233
  • 16
  • 73
  • 108
0
votes
1 answer

declarative resource based requirement authorization not working with API Controller

I am trying setup an authoriztion policy that I can use to decorate actions in API Controllers in .net core 3.1. I have been following these examples : …
Paul
  • 693
  • 1
  • 10
  • 25
-1
votes
1 answer

How to use resource and role based authorization on AspNet Core 3.1 with EF Core?

I'm working on a marketplace backend application with role based authorization, and I'm handling access to actions using those roles. The admins manage all products and their filtering categories while the sellers choose which one to sell, with its…
Nelson Ciofi
  • 3
  • 1
  • 2