Flipt
Questions on authorization with v2 #4583
-
|
Hi, I'm currently trying to have a self hosted Flipt server, and I have questions regarding authorization.
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi @llfrank21 ! Great questions about Flipt v2 authorization. Let me clarify based on the v2 implementation:
You're correct - in v2, the request structure has changed from using resource/subject fields to using a scope field. This is a breaking change from v1.
You're absolutely right in your observation. In v2, Flipt has intentionally simplified the authorization model to only have two scope types:
There are no longer separate flag or segment resource types in v2 authorization. All flag and segment operations are authorized at the namespace level with the For example:
This simplification means you control access at the namespace level. If a user has create permission for a namespace, they can create any resource type (flags, The v2 authorization model follows this hierarchy:
I've got a PR up on the docs repo to hopefully make this more clear in the future and to describe the differences between v1 and v2 authz: flipt-io/docs#353 |
Beta Was this translation helpful? Give feedback.
-
|
Thank you so much! |
Beta Was this translation helpful? Give feedback.
Hi @llfrank21 ! Great questions about Flipt v2 authorization. Let me clarify based on the v2 implementation:
You're correct - in v2, the request structure has changed from using resource/subject fields to using a scope field. This is a breaking change from v1.
You're absolutely right in your observation. In v2, Flipt has intentionally simplified the authorization model to only have two scope types: