Overview
Introduction
All users associated with a single Casdoor organization share access to the organization's applications. However, there may be cases where you want to restrict a user's access to a specific application, or to specific resources within an application. In such cases, you can use the Permission feature provided by Casbin.
Understanding Casbin Concepts
Before delving deeper into the topic, it is important to have a basic understanding of how Casbin works and its related concepts:
- Model: Defines the structure of your permission policies and the criteria for matching requests against these policies and their outcomes. You can configure models in the Models page in Casdoor.
- Policy: Describes the specific permission rules (who can access what resources with what actions). You configure policies in the Permissions page in Casdoor.
- Adapter: An abstraction layer that shields Casbin's executor from the source of the Policy, allowing the storage of Policies in various locations like files or databases. Learn more about Adapters.
Learn More About Casbin
Visit the Casbin documentation to learn more about access control models and patterns. You can also use the Casbin Online Editor to create and test Model and Policy files for your specific scenarios.
Configuring Permissions in Casdoor
Where to Configure
In the Casdoor Web UI, you'll work with two main pages:
- Models Page: Navigate to Models in the sidebar to add or edit Models for your organization.
- Permissions Page: Navigate to Permissions in the sidebar to configure permission policies.
How Permissions Work
Returning to the subject of permission configuration in Casdoor:
- Add a Model: First, create a Model for your organization in the Models page within the Casdoor Web UI.
- Configure a Policy: Then, add a Policy (permission rules) for your organization in the Permissions page.
The Casbin Online Editor can provide Model and Policy files tailored to your specific usage scenario. You can easily import the Model file into Casdoor through the Web UI for use by the built-in Casbin. For the Policy configuration (i.e., the Permissions page in the Casdoor Web UI), refer to the Permission Configuration guide for detailed instructions.
Using Permissions with Your Application
Just as your application needs to enforce permission control through Casdoor's built-in Casbin, Casdoor itself uses its own Model and Policy, through Casbin, to regulate access to its API interfaces. Casdoor can call Casbin from its internal code, but external applications cannot.
As a solution, Casdoor provides an API that lets external applications call the built-in Casbin. See the Exposed Casbin APIs documentation for definitions of these API interfaces and instructions on how to use them.
Related Features
Account Item Permissions
Casdoor also provides fine-grained permission control at the user account field level through the Edit Organization page:
- View rule: Control who can view specific user account fields
- Modify rule: Control who can modify specific user account fields
These rules can be set to:
- Public: Everyone has permission
- Self: Each user has their own permission
- Admin: Only administrators have permission
Learn more in the Account Customization documentation.
Role-Based Access Control
Casdoor supports role-based permissions where you can assign roles to users and configure permission policies for these roles. This allows you to manage permissions at the role level rather than individual user level.
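The Model and Policy concepts described earlier, combined with role-level permissions, as an added example that is not Casdoor's or Casbin's own code: a small stand-alone evaluator for one Casbin-style RBAC model, showing role inheritance and the default deny when no rule matches. The user, role and application names are constructed, and the `load_policy`, `has_role` and `enforce` helpers are hypothetical.

```python
# Added illustration: evaluates ONE hard-coded matcher; this is not Casbin's engine.
# MODEL is shown for reference only; enforce() below implements its matcher by hand.
MODEL = """
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
"""

# Constructed policy: "p" rules grant a role an action on an application,
# "g" rules assign a user to a role or let one role inherit another.
POLICY = """
p, role:hr-staff, app-hr-portal, read
p, role:hr-admin, app-hr-portal, write
g, role:hr-admin, role:hr-staff
g, built-in/alice, role:hr-admin
g, built-in/bob, role:hr-staff
"""

def load_policy(text):
    """Split policy lines into permission rules and role links."""
    rules, links = [], {}
    for line in text.strip().splitlines():
        kind, *fields = [f.strip() for f in line.split(",")]
        if kind == "p":
            rules.append(tuple(fields))
        elif kind == "g":
            links.setdefault(fields[0], set()).add(fields[1])
    return rules, links

def has_role(links, sub, role, seen=None):
    """g(r.sub, p.sub): sub is the role itself or inherits it transitively."""
    seen = seen or set()
    if sub == role:
        return True
    seen.add(sub)  # guards against cycles in role links
    return any(has_role(links, nxt, role, seen)
               for nxt in links.get(sub, ()) if nxt not in seen)

def enforce(rules, links, sub, obj, act):
    """Allow only if some rule matches; no matching rule means deny."""
    return any(has_role(links, sub, p_sub) and obj == p_obj and act == p_act
               for p_sub, p_obj, p_act in rules)
```
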
Next Steps
- Permission Configuration: Learn how to configure each field in the Permission page
- Exposed Casbin APIs: Use Casbin APIs in your external applications
- Adapters: Configure adapters for policy storage
- Account Customization: Configure field-level permissions for user accounts
Let's get started!