Distributed Grant File

[MangoChris]

I'm thinking of using accesscontrol in a microservice architecture where multiple microservices will want to share the same authentication rules.

So my question is what pattern is best to solve this problem?

• wrap it in a rpc?
• wrap it in a rest API?
• fetch the grant file from remote location and load it in?
• other....?

[mohammadrz003]

I would say you can store grant objects into a database and retrieve all the objects from the database. and once you fetched that from the database, pass that to the AccessControl constructor:

// grant list fetched from DB:
let grantList = [
    { role: 'admin', resource: 'video', action: 'create:any', attributes: '*, !views' },
    { role: 'admin', resource: 'video', action: 'read:any', attributes: '*' },
    { role: 'admin', resource: 'video', action: 'update:any', attributes: '*, !views' },
    { role: 'admin', resource: 'video', action: 'delete:any', attributes: '*' },

    { role: 'user', resource: 'video', action: 'create:own', attributes: '*, !rating, !views' },
    { role: 'user', resource: 'video', action: 'read:any', attributes: '*' },
    { role: 'user', resource: 'video', action: 'update:own', attributes: '*, !rating, !views' },
    { role: 'user', resource: 'video', action: 'delete:own', attributes: '*' }
];
const ac = new AccessControl(grantList);