
¶ AclManagementClient

Update Time: 2022-10-10 11:16:11

Authing builds its authorization model on PBAC (Policy Based Access Control), which can be combined with RBAC (Role Based Access Control) to achieve highly flexible, fine-grained privilege control. This client abstracts the model into two methods: allow and isAllowed.

Do not initialize this client directly. Access it through a ManagementClient instance, as shown below.

import { ManagementClient } from "authing-js-sdk";
const managementClient = new ManagementClient({
  userPoolId: "YOUR_USERPOOL_ID",
  secret: "YOUR_USERPOOL_SECRET"
});
managementClient.acl.allow; // allow a user to perform an operation on a resource
managementClient.acl.isAllowed; // check whether a user has the privilege to operate on a resource

¶ Allow a user to perform an operation on a resource

AclManagementClient().allow(userId, action, resource)

Allow a user to perform an operation on a resource.

¶ Parameter

  • userId <string> user ID
  • action <string> Action name; the recommended format is <resourceType>:<actionName>, such as books:edit or books:list
  • resource <string> Resource name, which must be in the format <resourceType>:<resourceId> or *, such as *, books:123, books:*

¶ Example

// Both methods return Promises; await each allow() so the grant exists before it is checked.
await managementClient.acl.allow("USERID1", "books:123", "books:read");
await managementClient.acl.isAllowed("USERID1", "books:123", "books:read"); // true
await managementClient.acl.isAllowed("USERID1", "books:123", "books:edit"); // false
await managementClient.acl.allow("USERID2", "books:*", "books:*");
await managementClient.acl.isAllowed("USERID2", "books:123", "books:read"); // true
await managementClient.acl.isAllowed("USERID2", "books:124", "books:edit"); // true

¶ Return value

  • Promise<CommonMessage>

¶ Check whether a user has operation privilege on a resource

AclManagementClient().isAllowed(userId, action, resource)

Check whether a user has the privilege to perform an operation on a resource.

¶ Parameter

  • userId <string> user ID
  • action <string> Action name; the recommended format is <resourceType>:<actionName>, such as books:edit or books:list
  • resource <string> Resource name, which must be in the format <resourceType>:<resourceId> or *, such as *, books:123, books:*

¶ Example

managementClient.acl.isAllowed("60b4a136d9xxxxcc3d87e55a", "books:*", "books:edit");

¶ Return value

  • Promise<boolean> whether the user has the privilege or not

¶ Get the list of all authorized resources of the user

UsersManagementClient.listAuthorizedResources(userId, namespace)

Get the list of resources that the user is authorized to access, including resources inherited from the user's roles, groups and organizations.

¶ Parameter

  • userId <string> user ID;
  • namespace <string> code of the privilege group. For more details, please refer to: Use privilege groups to manage privileged resources.

¶ Example

managementClient.users.listAuthorizedResources("60b4a136d9xxxxcc3d87e55a", "code");

¶ Sample data

  • type: the resource type, one of the following values:
    • DATA: data type;
    • API: interface type;
    • MENU: menu type;
    • BUTTON: button type;
  • code: resource descriptor. For a DATA resource the format is resourceType:resourceId; for example, books:* means all books and books:1 means the book whose ID is 1.
  • actions: the actions the user is authorized to perform on the resource.
{
  "totalCount": 12,
  "list": [
    {
      "code": "menu_a",
      "type": "MENU"
    },
    {
      "code": "menu_b",
      "type": "MENU"
    },
    {
      "code": "books:1",
      "type": "DATA",
      "actions": ["books:delete", "books:update"]
    }
  ]
}
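
A local, default-deny check over a response shaped like the sample data above, as an added example that is not Authing SDK code or part of the original page. The helper names `covers` and `isGranted` are hypothetical, the sample response is constructed, and the wildcard rules are an assumption inferred from the examples on this page; the server-side isAllowed result stays authoritative.

```javascript
// Added example (not Authing SDK code). Assumed matching rules, modelled on
// the page's examples: "*" covers everything, "<type>:*" covers any id or
// action of that type, and any other pattern must match exactly.

// Constructed sample shaped like the "Sample data" section.
const sampleResponse = {
  totalCount: 4,
  list: [
    { code: "menu_a", type: "MENU" },
    { code: "books:1", type: "DATA", actions: ["books:delete", "books:update"] },
    { code: "orders:*", type: "DATA", actions: ["orders:read"] },
    { code: "reports:7", type: "DATA", actions: ["reports:*"] },
  ],
};

// True when a granted pattern covers the requested value.
function covers(pattern, value) {
  if (typeof pattern !== "string" || typeof value !== "string") return false;
  if (pattern === "*") return true;
  if (pattern.endsWith(":*")) {
    // Keep the trailing ":" so "orders:*" does not cover "ordersarchive:42",
    // and require a non-empty id or action name after it.
    const prefix = pattern.slice(0, -1);
    return value.startsWith(prefix) && value.length > prefix.length;
  }
  return pattern === value;
}

// Hypothetical helper: is `action` on `resource` granted by the response?
// Anything malformed or missing results in a denial.
function isGranted(response, resource, action) {
  const entries = Array.isArray(response && response.list) ? response.list : [];
  return entries.some((entry) => {
    if (!entry) return false;
    // Entries without an actions array (such as MENU items) grant no action.
    const actions = Array.isArray(entry.actions) ? entry.actions : [];
    return covers(entry.code, resource) && actions.some((a) => covers(a, action));
  });
}

console.log(isGranted(sampleResponse, "books:1", "books:update"));
console.log(isGranted(sampleResponse, "books:2", "books:update"));
```
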