OpenTDF Platform monorepo enabling the development and integration of _forever control_ of data into new and existing applications. The concept of forever control stems from an increasingly common concept known as zero trust.
BSD 3-Clause Clear License
EntityResolution service should be more secured by RBAC casbin privileges #1046
Background
The current RBAC Casbin `defaultPolicy` gives ERS route access to the `standard` role. This route should be of higher privilege to avoid an authenticated user querying another entity's IdP value entity resolution.

https://github.com/opentdf/platform/blob/db4f06fdb9314747d9a95a5a09f974d86a1f0f29/service/internal/auth/casbin.go#L85
Acceptance Criteria
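
A regression check for the condition described in the Background, as an added example that is not part of the original issue or the project's code: it scans a Casbin-style CSV policy and reports every allow rule that lets a given role reach a sensitive route prefix. The policy text, the route strings and every role name other than `standard` are constructed placeholders, and prefix-wildcard matching is an assumption about the model's matcher.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in Casbin's CSV policy form (p, subject, object, action, effect).
// Routes and role names other than "standard" are placeholders, not the project's values.
const weakPolicy = `
p, role:admin, *, *, allow
p, role:standard, /placeholder/policy/*, read, allow
p, role:standard, /placeholder/entityresolution/*, write, allow
`

// The same sample with the ERS grant moved to a higher-privilege placeholder role.
const fixedPolicy = `
p, role:admin, *, *, allow
p, role:standard, /placeholder/policy/*, read, allow
p, role:ers-caller, /placeholder/entityresolution/*, write, allow
`

// FindGrants returns every allow rule that gives subject access to a route
// under sensitivePrefix, including wildcard objects that cover the prefix.
func FindGrants(policy, subject, sensitivePrefix string) []string {
	var hits []string
	for _, line := range strings.Split(policy, "\n") {
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		if len(f) < 5 || f[0] != "p" || f[1] != subject || f[4] != "allow" {
			continue
		}
		obj := strings.TrimSuffix(f[2], "*")
		// Conservative: flag the rule if either path is a prefix of the other.
		if strings.HasPrefix(sensitivePrefix, obj) || strings.HasPrefix(obj, sensitivePrefix) {
			hits = append(hits, line)
		}
	}
	return hits
}

func main() {
	const ers = "/placeholder/entityresolution/"
	fmt.Println("weak: ", FindGrants(weakPolicy, "role:standard", ers))
	fmt.Println("fixed:", FindGrants(fixedPolicy, "role:standard", ers))
}
```

Run against the real default policy in CI, a non-empty result for the `standard` role would fail the build before the grant ships.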