Page Contents


This example is migrated from loopback-example-access-control, and uses the authentication and authorization system in LoopBack 4 to implement the access control.


This tutorial demonstrates how to implement a RBAC(Role Based Access Control) system and provides 5 endpoints to test different role’s permissions. The tutorial of building it from a dummy application documented in auth-example-migration-tutorial


First, you’ll need to install a supported version of Node:

Additionally, this tutorial assumes that you are comfortable with certain technologies, languages and concepts.

  • JavaScript (ES6)
  • REST

Lastly, you’ll need to install the LoopBack 4 CLI toolkit:

npm i -g @loopback/cli

Try it out

If you’d like to see the final results of this tutorial as an example application, follow these steps:

  $ npm start

  Server is running at

Then try different roles’ permissions by following the try it out section

Need help?

Check out our Slack and ask for help with this tutorial.


Open an issue in loopback-next and we’ll take a look.



Run npm test from the root folder.


See all contributors.