I work on a REST API that mixes two types of security:
First, you have standard role-based security - so we have multiple roles such as admin, read-only user, super user, etc.
Then we also have most of those users belonging to certain customers, so we need to secure specific resources (and child resources) based on the user's customer / owner.
Is there a well-accepted name for this second type of security? The reason I am asking is that I want to find what patterns exist out there for working with the mix of the two - and it is hard to search for it if you do not know the proper term for it.