Base solution for your next web application

Activities of "murphymj5209"

I am on the latest aspnetzero and want to ask if there are plans to add a Resource Based Access(rebac) permission system to aspnet zero? My use case is when I upload a file, I can keep-track of it in the permission-file system so that UserA uploads the file and UserB, not in the same tenant, canView the file at the ability of UserA.

One example of a 'solution' is to integrate permit.io 'but' there integrations requires have a copy of the Tenant and other tables on permit, and introducing a bigger problem - syncing tables/data. The only solution I am aware of is to integrate / use the rego language like permit but not all the syncing; hence alot of work.

if you have a suggestion on how to implement a rebac using the existing roles and permission, I would be grateful. Any suggestions are appreciated.

since it seems like whatever service we may use there will be issues with downtime. Please let me know what to do or how to handle.

To me it seems like I need to write code, it also seems like aspnetzero needs to write code.

so in doing this your suggested way, to me it reads that security just went out the door??!!

Yes, a bold statement but how does TenantA user1, 'find' TenantB User3 so sharing can happen?

I think I have my 'solution': https://casbin.org/ its does the 3 flavors of acl's. My hesitancy in doing personal coding is alot of effort for an inexperienced area.

I would suggest that this or other system be implemented for a future release. Thanks again for your help.

I have aspnetzero, the latest release and want to know if I can have a Access Control List that spans tenants.

Some more details:I have a Dev, stagging, Production systems, a) TenantA, user1, user2, Role1, Role2 b) TenantB, user3, user4, Role3, Role4. User3 is using a normal data entry form and wants to share the data with User1, preferable without copying data, Hence the idea of ACL.

How can i use/implement the ACL I am describing for the systems outlined. Thanks.

I used the latest code 13.2.

The miniExcel package is depreciated and I am concerned that vulnerabilities exist; please consider using ClosedXML. Soon I will be doing FDA penetration testing and vulnerability scanning using a company like Red Sentry. I am concerned that this product will be an issue.

Thanks for listening.

Answer

no when I login, I am logged always into tenant 1; the migration when I build from scratch has entries for tenant null, but login always is tenant #1

Answer

Sorry to reopen but I am confused on how todo. thanks for your understanding.

maybe my question should be: how do I login as the null tenant so i can set roles, etc.

Question

current release of ANZ: how do I login to ANZ to use the Null tenant; so I can set roles 1 time for all tenants, themes, etc. If I use Admin, then tenant 1 is created and used. thanks.

Showing 1 to 10 of 101 entries