Role or group based authorization for backend services

Good day to you.

We configured ISTIO with policies to

  • have free access to our Angular web application with https://${DOMAIN} and
  • to have access to backend services via https://${DOMAIN}/api after a successful login, where the JWT token is validated.

Is there a way to get role- or group-based authorization, where some logged-in users can access services in the backend and other logged-in users are not allowed to?

Thank you for any hints and best regards,
Jan

Let me know if this helps https://istio.io/docs/tasks/security/rbac-groups/ or if you have more questions.

If you can mint a claim that represents the group information in your JWT token, you could then use Istio RBAC to enforce access control based on the claim.
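As an added illustration (not part of the thread and not from the Istio docs linked above), this is the shape such a policy takes with Istio's current AuthorizationPolicy API, which replaced the ServiceRole/ServiceRoleBinding resources in the rbac-groups task. It assumes the JWT is already validated by a RequestAuthentication (as the original setup does), that the backend workload carries the label `app: backend`, and that the token carries a `groups` claim containing `api-users`; all three names are assumptions.

```yaml
# Added example: allow /api only to authenticated callers whose JWT
# "groups" claim contains "api-users". Assumed names: app=backend, api-users.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: backend-api-groups
  namespace: default          # assumption: backend runs in "default"
spec:
  selector:
    matchLabels:
      app: backend            # assumption: label of the backend workload
  action: ALLOW
  rules:
  - from:
    - source:
        # "*" = any principal that a RequestAuthentication has validated;
        # requests without a valid JWT do not match and are denied.
        requestPrincipals: ["*"]
    to:
    - operation:
        paths: ["/api/*"]
    when:
    - key: request.auth.claims[groups]   # list-valued claims match if any element equals a value
      values: ["api-users"]              # assumption: group name minted into the token
```

Because an ALLOW policy is attached to the workload, any request to it that matches none of the rules (a valid token without the group, or no token at all) is rejected, so a second group can be admitted simply by adding its name to `values` or by adding another rule.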

Good day to you.

Thank you both for your hints; I will research in this direction.

Best regards,
Jan