Resource Based Access Control

Fleeting

Resource based access control Not to be confused with RBAC.

Resource-based authorization.

Authorizing an action based on a particular resource. For example, every resource has an owner. The owner can delete the resource; other users cannot.

— https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/authorize

Resource based authorization occurs whenever the authorization depends on a specific resource that will be affected by an operation.

— https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/authorize

Notes pointant ici

• access control
• JWT Access Tokens profile for OAuth 2.0
• Relation Based Access Control
• what should I put into those scopes and access tokens claims? (blog)

Permalink