Role or group based authorization for backend services

palic · June 19, 2019, 9:56am

Good day to you.

We configured ISTIO with policies to

have free access to our Angular web application with https://${DOMAIN} and
to have access to backend services via https://${DOMAIN}/api after a successful login, where the JWT token is validated.

Is there a way to get a role or group based authorization, where some logged in user can access services in the backend and some logged in user are not allowed to?

Thank you for any hints and best regards,
Jan

philliple · June 19, 2019, 5:18pm

Let me know if this helps https://istio.io/docs/tasks/security/rbac-groups/ or if you have more questions.

YangminZhu · June 20, 2019, 1:16am

If you can mint a claim that represents the group information in your JWT token, you could then use Istio RBAC to enforce access control based on the claim.

palic · June 27, 2019, 7:11am

Good day to you.

Thank you both for your hints and I will research in this way.

Best regards,
Jan

Topic		Replies	Views
JWT and Authorization Security	7	1010	July 2, 2019
Applications Roles and RBAC	1	583	December 14, 2019
Newbie Question on Authorization and JWT Contributors	2	606	January 20, 2020
Matching permissions in Istio AuthorizationPolicy Security security	1	493	July 10, 2020
RBAC with Service identities and K8 Roles Security	1	398	February 7, 2022

Role or group based authorization for backend services

Related topics