Page Contents

Home > @loopback/security > Permission

Permission class

Permission defines an action/access against a protected resource. It’s the what for security.

There are three levels of permissions

  • Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email)

Signature:

export declare class Permission 

Example

  • create a user (action: create, resource type: user) - read email of a user (action: read, resource property: user.email) - change email of a user (action: update, resource property: user.email) - cancel an order (action: delete, resource type: order)

Properties

Property Modifiers Type Description
action   string Action or access of a protected resources, such as read, create, update, or delete
resourceId   string Identity of a protected resource instance, such as order-0001 or customer-101
resourceProperty   string Property of a protected resource type/instance, such as email
resourceType   string Type of protected resource, such as Order or Customer