Open Closed

Property Level Permission #7288


User avatar
0
IbrahimSarigoz created

We want to grant a user with update permissions an additional permission at the property level of an entity, ensuring they do not have the authority to modify that specific property. For example, a user should have permission to update a Book entity but should not be able to change its Name property, while another user should be able to change it. What is the most ideal way to achieve this?

  • ABP Framework version: v8.1.3
  • UI Type: MVC
  • Database System: EF Core Oracle
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes Tiered
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

1 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    ABP and ASP.NETCore does not have a solution for this scenario, you can check the discussion here https://stackoverflow.com/questions/62263805/asp-net-core-3-1-web-api-authorization-on-model-property-level

Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07