I am implementing Attribute Based Access Control in angular typescript application with rails server.

I've searched for different solutions like followings but could not manage to implement cause of unclear solutions.

  1. Custom Roles Based Access Control RBAC in ASP NET
  2. simple attribute based access control with spring

The solution points to create a method for checking objects and its permissions list like this

public boolean check(Object subject, Object resource, Object action, Object environment)
  1. Subject is the entity (mostly a user) that requests access
  2. Resource is the entity to be accessed (e.g. file, database record, Store Information, ...)
  3. Action is the operation to be carried on the resource (e.g. read, write, delete, ...)
  4. Environment is any information regarding the context of the access that might be used in making the access decision (e.g. time, network, ...).

please help guide me how can I implement custom access control system in efficient way without using GEM or Package.

any suggestion and tips are welcome.

Edited by kaleemullah360: improvements

3 Months
Discussion Span
Last Post by rproffitt

thats me, I asked that question over there. cuase I am stuck in ABAC system. and didn't find custom solution. every where I see use of GEMS and Packages.


Maybe it's like a custom bit of hardware. That is, to do this you need that. I can't guess why you must not use GEMS and Packages but if that's how it's done, why not do that and complete the project?


The very strong reason, not using GEMS is when you be more specific GEMS becomes useless. I know that even after using GEMS I've to do custom ABAC.


I think this is one of those problems that you have to solve. That is, you want this and it's a rather niche solution. So you may have to make a quest out of it and create something new.

Think of GEMS like a tool. It's good for what it does and then when you need to do more you use another tool or if there is no tool, you create a tool. However I do encounter newish programmers that are looking for tools exclusively and don't create new tools. The usual reason is time.

PS. Since I'm not coding on your team, I am conversing with you about programming philosophy. That is, how we code, make design decisions and how much are we willing to invest. What might be needed is to step way back to an world view of the problem the app is trying to solve rather than thinking about how to use/avoid/extend GEMS or other thing.

Edited by rproffitt: Clarifying

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.