Building an RBAC Policy
Creating an RBAC Policy is very simple within Permit. Let's run through a simple example that is defined below.
An Administrator within a company can perform all actions on documents
Creating roles (Top Level in the UI)
As part of the RBAC Policy, we need to create specific roles (Top Level in the UI) that will be assigned specific permissions. We are going to create two roles; an admin and a customer.
Creating the Admin Role (Top Level) within the UI
Creating the Customer Role within the UI
Adding a Resource
Once we have established the roles we want within out project, we need to define the resource for the roles. Remember that each created resource becomes available for each role within each project.
As you can see, we currently have no resources, so lets define a resource called documents. For that specific resource, we need to define the actions that we can perform on the resource. In this case, we can create, read, update and delete documents.
Creating a Resource within the UI
This is what the roles will look like now, with each individual resource defined and the actions that we can select. We are ready give permissions to the role to perform the selected actions on the resource.
Assigning Permissions to Actions
Under each role, we have selected the actions we want to allow that role to perform on the current resource.
Roles with specific selected permissions
Creating a User & Assigning a Role
Now that all our roles as defined with the correct permissions, we need to assign the specific roles to individual users within our company.
The users
We need to navigate to the Users panel to work with users within Permit.
Assigning a role to a user
After the user has been created, we can assign him a role from the roles we have available within out policies.
A user with the admin role
Once the user is created and a role is assigned, you can view this users in a rendered table in the Users panel.
Congratulations! You have created a simple RBAC Policy!