Can an attribute be used for several categories in ALFA?
A doctor can belong to subjectCat (the user that is trying to gain access) or to resourceCat (the referring physician of a medical examination the subject is trying to access).
As it appears to me, to support both cases I need to define the doctor for each category individually:
namespace subject {
namespace doctor {
attribute id {
category = subjectCat
id = "id"
type = string
}
attribute lastname {
category = subjectCat
id = "lastname"
type = string
}
//and 20 more attributes...
}
}
namespace resource {
namespace doctor {
attribute id {
category = resourceCat //this line is the only difference
id = "id"
type = string
}
attribute lastname {
category = resourceCat //this line is the only difference
id = "lastname"
type = string
}
//and 20 more attributes...
}
}
That's pretty cumbersome and bears a lot of redundancy. Is there anything I can do to avoid that?
You are right. You would redefine the attributes. In a way you are using the same object from your information model (e.g. doctor) but in one case that object (Doctor) acts as a subject. In another, it acts as an object you are protecting e.g.
- A doctor can view a medical record of a patient they are assigned to.
- An HR staff can view the salary of a doctor.
Yes, it means you would have to define the attribute itself in multiple categories. You can still leverage the namespace structure insofar as the combination of namespace and name remains unique.
You could do acme.user.staff.doctor and attribute name. You could then do acme.object.doctor and attribute name.
Note that Eclipse will let you do autocomplete too:
- How can I authenticate user token in Angular Guard if I am using Http-Only?
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Require authenticated user in asp.net core but require custom policy in some actions require custom policy
- How to define the basic HTTP authentication using cURL correctly?
- Relation between Authorization middleware and filter Asp.net core
- Roles Authorization not working for Razor Pages site using AddNegotiate
- Laravel `Auth` not compatible with 3rd party library ajax call?
- How to configure user and password for neo4j cluster without REST API
- Fetching custom Authorization header from incoming PHP request
- How can i ensure that controller methods are entered only in a specific sequence
- How to prevent users to access other user's data with dotnet core and RESTful APIs?
- How to know which controller method will be called from Web API Authorization filter
- .net how to set the the response body when the authorization failed?
- Spring security 6 - authorization not working
- Glide Image Download with Bearer fails
- Java: how to use UrlConnection to post request with authorization?
- Exploring Changes to Authentication and Authorization Setup in .NET 7 API with JWT
- Authentication on actions not controller
- How do I get access token inside Node.JS Google Cloud function?
- How to make Amazon AWS API call from Java?
- PUT request to Azure storage with shared key authorization
- Azure Container access via Python SDK fails with AuthorizationPermissionMismatch but I am owner
- Django user entitlements on creation / privilege escalation
- How to authenticate and authorize in blazor
- Error: ErrImagePull : failed to fetch oauth token: unexpected status: 403 Forbidden while creating kubernetes deployment on Google Cloud
- Why is AllowAnonymous not working while deployed to Azure Websites?
- Difference between Passport and JWT?
- How do I implement "Authorization: Bearer <Token>" in a Delphi REST Server?
- Redirect Unauthorized Page Access in MVC to Custom View
- OAuth 2: separating resource server and authorization server