[Authorization] Extend privileges config to support OR evaluations #210977

@elena-shostak

Currently, our requiredPrivileges structure supports allRequired and anyRequired for defining authorization logic. However, there is a need to support more complex scenarios such as (privilege1 AND privilege2) OR (privilege3 AND privilege4).

To achieve this we can extend anyRequired, which will allow for defining multiple AND conditions evaluated with OR logic:

security: {
  authz: {
    requiredPrivileges: [
      { anyRequired: [['privilege1', 'privilege2'], ['privilege3', 'privilege4']] }
    ]
  }
}

This is an array of arrays (aka privilege groups), where each inner group represents a set of privileges that must all be present (AND logic). The outer array represents OR logic between these groups.
So it will evaluate to: (privilege1 AND privilege2) OR (privilege3 AND privilege4)

The following needs to be done:

  • Modify the security config interface to extend anyRequired definition.
  • Implement logic to evaluate new anyRequired conditions.
  • Update existing documentation to include the new structure.
  • Write tests to validate the logic.
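
The evaluation proposed in this issue, as an added sketch that is not part of the original issue and not Kibana's own code. The type and function names are hypothetical, and it assumes that top-level requiredPrivileges entries are ANDed, that a bare string in anyRequired counts as a one-element group, and that an empty group is a configuration error.

```typescript
// Added example: hypothetical names, not Kibana's implementation.
type PrivilegeGroup = string[];
type AnyRequiredEntry = string | PrivilegeGroup;

interface PrivilegeSet {
  allRequired?: string[];
  anyRequired?: AnyRequiredEntry[];
}

type RequiredPrivilege = string | PrivilegeSet;

// The configuration from the issue text.
const ISSUE_EXAMPLE: RequiredPrivilege[] = [
  { anyRequired: [['privilege1', 'privilege2'], ['privilege3', 'privilege4']] },
];

// Normalize one anyRequired entry to a group. An empty group is rejected
// because [].every(...) is true and would authorize every caller.
function toGroup(entry: AnyRequiredEntry): PrivilegeGroup {
  const group = typeof entry === 'string' ? [entry] : entry;
  if (group.length === 0) {
    throw new Error('anyRequired contains an empty privilege group');
  }
  return group;
}

function isAuthorized(required: RequiredPrivilege[], grantedList: string[]): boolean {
  const granted = new Set(grantedList);
  const hasAll = (privileges: string[]) => privileges.every((p) => granted.has(p));

  // Assumption: every top-level entry must be satisfied (AND).
  return required.every((entry) => {
    if (typeof entry === 'string') return granted.has(entry);

    const allOk = hasAll(entry.allRequired ?? []);
    // Validate every group before evaluating, so a bad config never
    // slips through just because an earlier group already matched.
    // An empty anyRequired array matches nothing and fails closed.
    const anyOk =
      entry.anyRequired === undefined ||
      entry.anyRequired.map(toGroup).some(hasAll);
    return allOk && anyOk;
  });
}
```

Holding one privilege from each group (privilege1 and privilege3) does not authorize, which is the case the tests for this change should pin down.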

Labels: Feature:Security/Authorization (Platform Security - Authorization), Team:Security (Platform Security: Auth, Users, Roles, Spaces, Audit Logging, etc)
