Role Based Access Control in kong

yvsssantosh · March 13, 2018, 12:43pm

Currently we have ACL’s in kong which allow or restrict a particular user to an endpoint written in kong

But how about Role Based Access Control?

So was just wondering if we could take each endpoint in given by user in kong and specify that only user having services.api_name.get can access get request (just as an example when we are trying to perform /GET ) or allow users to configure the requests itself i.e. services.api_name.get -> is configured by the user where he/she can assign specific roles and users inheriting those roles can access that endpoint

balexandre · March 15, 2018, 9:02am

As it stands today, and after reading the documentation, I have to assume that the only option is to create a new API entry and restrict that one to only GET for example using the methods property, then you can acl it to api-xxx-only-get.

If you need more tunning, I would strongly suggest you do use JWT in your endpoint and restrict per consumer… maybe a Kong JWT plugin + OAuth0 could also else shape your request like it’s explain in the docs because then all the roles are managed in their own dashboard.

Topic		Replies	Views
Kong manage role and authority Questions	0	35	April 5, 2024
How to achieve fine grained access control in Kong Questions	0	459	May 12, 2020
Restricted endpoints	1	515	November 6, 2018
Authentication based on upstream routes Questions	1	461	July 3, 2019
API authorization using kong and Auth0	0	547	May 8, 2019

Role Based Access Control in kong

Related Topics