Permissions, Privileges and Scopes - What's the Difference?!
- Added: 19. 05. 2024
- Permissions, privileges, and scopes in the context of authorization, access control, and delegated authorization - what's the difference? Understanding the basics will help you better communicate a system's needs, and design solutions that minimize bad surprises.
Read the accompanying blog post to this video, which includes an illustration that summarizes the content: auth0.com/blog/permissions-pr...
Read the article on the nature of scopes: auth0.com/blog/on-the-nature-...
Chapters:
0:00 Welcome
00:23 Overview
01:03 What is Access Control?
01:41 What are Permissions?
02:54 What are Privileges?
03:53 An analogy of Access Control
04:49 An analogy of Delegated Authorization
05:50 How these analogies align to computer systems
06:45 How Scopes make Delegated Authorization possible
09:36 Common Myth 1: Scopes are not Privileges
10:54 Common Myth 2: Permissions and Scopes have a natural mapping
11:39 Common Myth 3: Privileges and Scopes have a natural mapping
12:27 Summary
___________________________________________
Learn with Auth0 by Okta
Try for free - a0.to/auth0
The Auth0 by Okta blog - a0.to/blog
Ask questions on the Community Forum - a0.to/community
___________________________________________
Follow Us on Social
Twitter - / oktadev
LinkedIn - / oktadev
Category: Science & Technology
What an amazing video! The pacing, the voice, the soft background music, the clear animations, they are absolutely perfect! Instantly subscribed!
Glad you enjoyed it! Thanks for your kind feedback.
This is a very useful, clear and succinct overview :)
This video was extremely useful!
Great to hear! Thanks for the feedback
What an amazing video, thanks for that.
Thanks for the feedback! We're glad to hear you found it helpful.
Question: Since checking the scope is not enough (as it isn't a subset of the user's privileges), what is the most efficient way to access/validate the user's privileges?
Amazing content by the way! This is the clearest explanation I've seen around this topic for years.
👋 Okta Dev Advocate here. Thank you so much for the feedback. To answer your question - How you perform these checks honestly depends on how you intend to use the user’s permissions in an application. If you do use Auth0 you can add permissions to your access tokens, and check these in your APIs or backend. We also have some code samples that demonstrate this on the Auth0 Developer Center. Hope this helps! Happy to talk offline if that would be useful.
Thanks, @coreylweathers! You can explore one approach to run these checks using the Auth0 Developer Center Resources: developer.auth0.com/resources/code-samples/api Check out the ones for “Role-Based Access Control”.
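The check described in the reply above, as an added illustration that is not code from the video, the blog posts or the Auth0 samples: an API validates the access token, then requires both the delegated scope (what the user let the client do) and the user's own permission (what the user is privileged to do). The HS256 secret, claim names and sample users are constructed for the demo; a real API would verify against the authorization server's published key and check issuer and audience too.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; stands in for the authorization server's signing key.
DEMO_SECRET = b"constructed-demo-secret"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_demo_token(claims: dict, ttl: int = 60, secret: bytes = DEMO_SECRET) -> str:
    """Mint an HS256 JWT standing in for the access token the server would issue."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({**claims, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token: str, secret: bytes = DEMO_SECRET) -> dict:
    """Check algorithm, signature and expiry; return the claims or raise ValueError."""
    header, body, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuse algorithm substitution
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims

def authorize(claims: dict, needed: str) -> tuple[bool, str]:
    """Allow only when the scope was delegated AND the user holds the permission."""
    scopes = set(claims.get("scope", "").split())      # delegated to the client
    permissions = set(claims.get("permissions", []))   # the user's own privileges
    if needed not in scopes:
        return False, "client was not delegated this scope"
    if needed not in permissions:
        return False, "user does not hold this permission"
    return True, "allowed"

def check_request(token: str, needed: str) -> tuple[bool, str]:
    """Per-request path of an API endpoint: validate the token, then authorize."""
    try:
        claims = verify_token(token)
    except ValueError as err:
        return False, f"invalid token: {err}"
    return authorize(claims, needed)
```

Minting a token with `scope: "read:reports write:reports"` but `permissions: ["read:reports"]` makes the point: `write:reports` passes the scope check yet is denied because the user never held that privilege.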
Very helpful. Thank you.
Why does every IT company have some philosophers who decide what Privilege, Permission, Scope etc. mean? Why can't we have a common understanding of the same things?
Excellent