Details
- Type: Monitor
- Status: In Progress
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: FIWARE-TECH-HELP
- Labels:
- HD-Chapter: Unknown
- HD-Enabler: Unknown
- HD-Node: Unknown
Description
Created question in FIWARE Q/A platform on 30-07-2024 at 13:07
Please, ANSWER this question AT https://stackoverflow.com/questions/78811548/implementing-fine-grained-access-control-with-authzforce-for-fiware-services
Question:
Implementing Fine-Grained Access Control with AuthZForce for FIWARE Services
Description:
I'm working on securing a FIWARE system (Orion, Quantum Leap) using Keyrock, Wilma, and AuthZForce. My goal is to implement fine-grained access control based on FIWARE services.
Each entity in our system belongs to a service, identified by the Fiware-Service header. I want to restrict access to these services based on user roles:
* User1: Can only access fiwareservice1
* User2: Can access fiwareservice2 and fiwareservice3
* User3: Can access all services
I'm struggling to create appropriate XACML policies in AuthZForce to enforce these rules. Has anyone successfully implemented a similar setup?
I'm open to suggestions if this approach is not ideal or if there are alternative methods for managing service-based access control in FIWARE.
Activity
Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
---|---|---|---|---
 | 8h 8m | 1 | Backlog Manager | Today 2:00 AM