Strategy for Defining Permissions/Roles With Resource Granularity

[marcodlk]

Hi I'm trying to use Fief for a project but I don't have experience with defining roles and permissions. How would I go about defining RBAC similar to say GitHub or GitLab where there are high level roles (Guest, Maintainer, Owner) etc but those roles are administered on a per-repository basis? After reading the tutorial, it seems that one way to do it would be to make "Repo X Guest/Maintainer/Owner" roles for each repo... but that doesn't seem quite right. Any thoughts/guidance on what would be the best way to go about this?

Discussion #24 might be relevant... is what I'm looking for simply not supported yet?

Thanks!

[fief-bailiff[bot]]

Hail, @marcodlk 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

Farewell!

[frankie567]

Hi @marcodlk 👋

Right now, it's not possible to define roles/permissions at a resource level. Since it's highly dynamic (new resources are added constantly in your app), it would be quite complicated and slow to manage it a Fief level, because you would have a lot of back and forth between your server and Fief.

I suggest you implement it in your own application, with your own logic. It can be as simple as a relationship table linking a user id, a resource and the associated permissions. Something like this:

Fief User ID	Resource ID	Read	Update	Delete
USER_1	RESOURCE_1	TRUE	FALSE	FALSE
USER_1	RESOURCE_2	TRUE	TRUE	TRUE
USER_2	RESOURCE_1	TRUE	TRUE	TRUE

[marcodlk]

Thanks for the reply and suggestion @frankie567. That clears it up.

Out of curiosity, is defining roles/permissions at a resource level part of Fief's roadmap?

[frankie567]

Well, no, I don't think it'll be part of the features. As I mentioned, I believe it'll be quite hard to make it work reliably and efficiently with developers backends.