Enforcement
In Permguard, enforcement is handled by the Policy Enforcement Point (PEP). Its role is to verify whether an identity has permission to perform specific actions on resources within a given namespace.
In the MagicFarmacia sample, the application enforces a permission check to determine whether the platform-admin actor can view a subscription.
Enforcement
To enforce access control, the PEP queries the Policy Decision Point (PDP) for a decision.
{
  "authorization_model": {
    "zone_id": 273165098782,
    "policy_store": {
      "kind": "ledger",
      "id": "fd1ac44e4afa4fc4beec622494d3175a"
    },
    "principal": {
      "type": "user",
      "id": "amy.smith@acmecorp.com",
      "source": "keycloak"
    },
    "entities": {
      "schema": "cedar",
      "items": [
        {
          "uid": {
            "type": "MagicFarmacia::Platform::Subscription",
            "id": "e3a786fd07e24bfa95ba4341d3695ae8"
          },
          "attrs": {
            "active": true
          },
          "parents": []
        }
      ]
    }
  },
  "subject": {
    "type": "user",
    "id": "amy.smith@acmecorp.com",
    "source": "keycloak",
    "properties": {
      "isSuperUser": true
    }
  },
  "resource": {
    "type": "MagicFarmacia::Platform::Subscription",
    "id": "e3a786fd07e24bfa95ba4341d3695ae8",
    "properties": {}
  },
  "context": {
    "time": "2025-01-23T16:17:46+00:00"
  },
  "evaluations": [
    {
      "action": {
        "name": "MagicFarmacia::Platform::Action::create",
        "properties": {}
      }
    },
    {
      "action": {
        "name": "MagicFarmacia::Platform::Action::delete",
        "properties": {}
      }
    }
  ]
}
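A PEP that sends a multi-action request like the one above should treat anything other than an explicit permit as a deny. The Python below is an added example, not Permguard's SDK or code from this page: `build_request`, `enforce`, `ask_pdp` and `stub_pdp` are hypothetical names, and the response shape (one `{"decision": bool}` entry per requested action, in request order) is an assumption.

```python
from typing import Callable

CREATE = "MagicFarmacia::Platform::Action::create"
DELETE = "MagicFarmacia::Platform::Action::delete"

def build_request(user: str, subscription_id: str, actions: list) -> dict:
    """Assemble a request in the shape shown above (ids copied from the page)."""
    principal = {"type": "user", "id": user, "source": "keycloak"}
    return {
        "authorization_model": {
            "zone_id": 273165098782,
            "policy_store": {"kind": "ledger", "id": "fd1ac44e4afa4fc4beec622494d3175a"},
            "principal": principal,
            "entities": {"schema": "cedar", "items": []},
        },
        "subject": {**principal, "properties": {}},
        "resource": {"type": "MagicFarmacia::Platform::Subscription",
                     "id": subscription_id, "properties": {}},
        "context": {"time": "2025-01-23T16:17:46+00:00"},
        "evaluations": [{"action": {"name": a, "properties": {}}} for a in actions],
    }

def enforce(request: dict, ask_pdp: Callable[[dict], dict]) -> dict:
    """Return {action name: bool}; anything unexpected becomes a deny."""
    names = [e["action"]["name"] for e in request["evaluations"]]
    denied = dict.fromkeys(names, False)
    try:
        # ASSUMPTION: the reply is {"evaluations": [{"decision": bool}, ...]}
        # with one entry per requested action, in request order.
        results = ask_pdp(request)["evaluations"]
    except Exception:
        return denied  # PDP unreachable or malformed reply: fail closed
    if not isinstance(results, list) or len(results) != len(names):
        return denied  # decisions cannot be paired with actions
    # Only a literal True is a permit ("true", 1 or a missing key are denies).
    return {n: isinstance(r, dict) and r.get("decision") is True
            for n, r in zip(names, results)}

def stub_pdp(request: dict) -> dict:
    """Constructed stand-in for the PDP: permits create, denies everything else."""
    return {"evaluations": [{"decision": e["action"]["name"] == CREATE}
                            for e in request["evaluations"]]}

if __name__ == "__main__":
    req = build_request("amy.smith@acmecorp.com",
                        "e3a786fd07e24bfa95ba4341d3695ae8", [CREATE, DELETE])
    print(enforce(req, stub_pdp))
```

In a real PEP, `ask_pdp` would wrap the call to the Permguard PDP; the application then acts only on actions mapped to `True`.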