Runtime Authorization Rules

sherwoodzern · February 1, 2019, 7:33pm

Right now authorization rules are static, in other words, I define the rules, deploy, and then a client (user or service account) are then determined as to whether they fall in the role.

It would be great if a rule can be set up that has an expiration time. Let’s say I have a user that I want to temporarily assign them admin role. I could create a rule that says this specific user has admin rights if the date and time falls within a date and time range.

In addition, being able to define a role can be determined by data that is passed in at runtime.

YangminZhu · February 2, 2019, 2:53am

Would it be better to decouple this from the Authorization API as I feel it’s not part of the authorization work. For example, you could start a cron job to remove the authorization rule after some time.

What do you mean about “define a role can be determined by data that is passed in at runtime.”? Could you clarify a little about this use case? Thanks.

Topic		Replies	Views
"Dynamic" access rule constraints in a ServiceRole Security	3	806	March 29, 2019
How are end-user permissions usually specified? i.e., How do we know the permissions of an end-user? security	0	458	December 20, 2019
AuthorizationPolicy Condition Value from Environment Variable Security security	1	693	January 24, 2022
How do the developers usually specify the end-user permissions? i.e., How do we know the permissions of an end-user? Security	0	318	January 2, 2020
Authorization Policy rule values from request headers Security security	1	1284	April 27, 2022

Runtime Authorization Rules

Related Topics