Page Contents
Home > @loopback/security > Permission
Permission class
Permission defines an action/access against a protected resource. It’s the what for security.
There are three levels of permissions
- Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email)
Signature:
export declare class Permission
Example
- create a user (action: create, resource type: user) - read email of a user (action: read, resource property: user.email) - change email of a user (action: update, resource property: user.email) - cancel an order (action: delete, resource type: order)
Properties
| Property | Modifiers | Type | Description |
|---|---|---|---|
| [securityId] | string | ||
| action | string | Action or access of a protected resources, such as read, create, update, or delete |
|
| resourceId? | string | (Optional) Identity of a protected resource instance, such as order-0001 or customer-101 |
|
| resourceProperty? | string | (Optional) Property of a protected resource type/instance, such as email |
|
| resourceType | string | Type of protected resource, such as Order or Customer |