How to set the access control for microservices

73 Views Asked by AudioBubble At 04 April 2025 at 21:23

I use Loopback Framework to create several services and I use an api gateway (tyk) to manage them.

Unfortunately I do not see how to set the access control for each of them.

I do not want a user to access data that does not belong to him.

Many thanks,

Original Q&A

There are 1 best solutions below

ChamalPradeep On 27 September 2017 at 09:19

you can easily use two methods to secure your model.

1.From model.json file

inside your model model.json you can include ACL objects.

 "acls": [{
    "accessType": "EXECUTE",
    "principalType": "ROLE",
    "principalId": "$authenticated",
    "permission": "ALLOW"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  }]

2.Using operational hooks in model.js file you can use operational hooks to manipulate security.

example

 Template.observe('access', function (ctx, next) {
    if(ctx.options.team){
      var teamId = ctx.options.team.teamId;
     ctx.query.where= ctx.query.where  || {or :[ {user_created : 0},{teamId : teamId}]}   ;
    next();
    }

  });

hope this will be helpful.

How to set the access control for microservices

There are 1 best solutions below

Related Questions in JAVASCRIPT

Related Questions in REST

Related Questions in MICROSERVICES

Related Questions in LOOPBACKJS

Related Questions in TYK

Trending Questions

Popular # Hahtags

Popular Questions