Page Contents
Home > @loopback/security > Permission
Permission class
Permission defines an action/access against a protected resource. It’s the what for security.
There are three levels of permissions
- Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email)
Signature:
export declare class Permission
Example
- create a user (action: create, resource type: user) - read email of a user (action: read, resource property: user.email) - change email of a user (action: update, resource property: user.email) - cancel an order (action: delete, resource type: order)
Properties
| Property | Modifiers | Type | Description |
|---|---|---|---|
| [\[securityId\]](/doc/en/lb4/apidocs.security.permission._securityid_.html) | `readonly` | string | |
| [action](/doc/en/lb4/apidocs.security.permission.action.html) | string | Action or access of a protected resources, such as `read`, `create`, `update`, or `delete` | |
| [resourceId?](/doc/en/lb4/apidocs.security.permission.resourceid.html) | string | _(Optional)_ Identity of a protected resource instance, such as `order-0001` or `customer-101` | |
| [resourceProperty?](/doc/en/lb4/apidocs.security.permission.resourceproperty.html) | string | _(Optional)_ Property of a protected resource type/instance, such as `email` | |
| [resourceType](/doc/en/lb4/apidocs.security.permission.resourcetype.html) | string | Type of protected resource, such as `Order` or `Customer` |