Biscuit RBAC Policies

A Role-Based Access Control (RBAC) implementation has been put in place. This system was directly integrated at the level of the Biscuits verifiers, offering a robust and granular security layer. RBAC makes it possible to precisely define who can access which resources, based on the roles assigned to users. This approach ensures fine-grained permission management and strengthens the overall security of the system.

Integrate RBAC to a verifier plugin

You could use your RBAC entities into a verifier plugin.

  {
    "verifier_ref": "YOUR_BISCUIT_VERIFIER_ENTITY_REF",
    "rbac_ref": "RBAC_POLICY_ENTITY_REF" // optional
    "enforce": false, // true or false
    "extractor_type": "header", // header, query or cookies
    "extractor_name": "Authorization"
  }

Integrate RBAC to a verifier plugin​

Integrate RBAC to a verifier plugin