Bit Field Role-based Access Control (RBAC)

Jose Sitanggang
8 min read · Sep 28, 2023
source: https://www.wallarm.com/what/what-exactly-is-role-based-access-control-rbac

Role-based Access Control (RBAC) is a mechanism that restricts system access by granting authorized users specific access rights, grouped together under a role name. This role is associated with a user, ensuring they have the required access when attempting restricted actions.

To check if a certain role has access, we need to assign a name to the access. Let’s consider the example below:

const (
    AccessViewEmail   = "view_email"
    AccessViewPhone   = "view_phone"
    AccessUpdateEmail = "update_email"
    AccessUpdatePhone = "update_phone"
)

// Each role is simply the set of access names it holds.
var Reviewer = []string{AccessViewEmail, AccessViewPhone}     // read-only on both fields
var PhoneAdmin = []string{AccessViewPhone, AccessUpdatePhone} // may read and change the phone
var EmailAdmin = []string{AccessViewEmail, AccessUpdateEmail} // may read and change the email

To determine whether a Reviewer is allowed to update the phone number, we iterate through the Reviewer access set looking for the string update_phone. If we find it, the action is allowed; otherwise access is denied. Here the Reviewer holds only view_email and view_phone, so the update is refused. Note that this check is linear in the number of accesses a role holds, and it compares strings, so the same scan is repeated on every authorization decision.

Since a role is essentially an array of strings, we can include it in the JWT payload. That lets the front end hide or disable UI elements whose required access is not present in the token (the server must still enforce the check on every request; hiding a button is a usability aid, not a security control). Sounds good, right? Unfortunately, it significantly increases the size of the JWT, especially for roles with many accesses. To address…
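As an added example that is not part of the original article, the following Go program implements the linear string-slice check described above and places it next to a bit-field encoding of the same four accesses and three roles, which is my own assumed realisation of the approach the title names: the Access type, the Bit* constants, the Has method and the claimSize helper are all mine, not the author's. It also measures how many bytes each representation costs once JSON-encoded into a claim, which is the part of the JWT size the representation controls.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// --- String-slice representation, as in the article ---

const (
	AccessViewEmail   = "view_email"
	AccessViewPhone   = "view_phone"
	AccessUpdateEmail = "update_email"
	AccessUpdatePhone = "update_phone"
)

var (
	Reviewer   = []string{AccessViewEmail, AccessViewPhone}
	PhoneAdmin = []string{AccessViewPhone, AccessUpdatePhone}
	EmailAdmin = []string{AccessViewEmail, AccessUpdateEmail}
)

// HasAccessSlice is the linear scan the article describes: O(n) string
// comparisons in the number of accesses the role holds.
func HasAccessSlice(role []string, access string) bool {
	for _, a := range role {
		if a == access {
			return true
		}
	}
	return false
}

// --- Bit-field representation (assumed design, not the article's code) ---

// Access is a bit set: each named access owns exactly one bit, so up to 64
// distinct accesses fit in a single uint64.
type Access uint64

const (
	BitViewEmail   Access = 1 << iota // 0b0001
	BitViewPhone                      // 0b0010
	BitUpdateEmail                    // 0b0100
	BitUpdatePhone                    // 0b1000
)

// A role is the OR of the bits it grants.
const (
	BitReviewer   = BitViewEmail | BitViewPhone
	BitPhoneAdmin = BitViewPhone | BitUpdatePhone
	BitEmailAdmin = BitViewEmail | BitUpdateEmail
)

// Has reports whether every bit in required is set in r. Passing several
// bits at once checks that all of them are granted, in one AND.
func (r Access) Has(required Access) bool {
	return r&required == required
}

// claimSize returns the byte length of a JSON-encoded claim value, i.e. the
// size this representation would add to a JWT payload before base64.
func claimSize(v any) int {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return len(b)
}

func main() {
	fmt.Println("reviewer may update phone (slice):", HasAccessSlice(Reviewer, AccessUpdatePhone))
	fmt.Println("reviewer may update phone (bits): ", BitReviewer.Has(BitUpdatePhone))
	fmt.Println("phone admin may view+update phone:", BitPhoneAdmin.Has(BitViewPhone|BitUpdatePhone))
	fmt.Println("email admin may update phone:     ", BitEmailAdmin.Has(BitUpdatePhone))
	fmt.Printf("claim bytes: slice=%d bits=%d\n", claimSize(Reviewer), claimSize(uint64(BitReviewer)))
}
```

Both forms return the same decisions; the bit field replaces a scan over strings with one AND and shrinks the Reviewer claim from 27 bytes to a single digit. The trade-off is that bit positions become part of the token's contract: once tokens are issued, a bit may never be reassigned to a different access, and the set is capped at 64 entries per integer field unless the claim is widened.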
