@loopback/docs

Version:

Documentation files rendered at [https://loopback.io](https://loopback.io)

github.com/strongloop/loopback-next/tree/master/docs

43 lines (28 loc) • 1.99 kB

Markdown

--- lang: en title: 'API docs: security.permission' keywords: LoopBack 4.0, LoopBack 4, Node.js, TypeScript, OpenAPI sidebar: lb4_sidebar editurl: https://github.com/strongloop/loopback-next/tree/master/packages/security permalink: /doc/en/lb4/apidocs.security.permission.html ---  [Home](./index.md) > [@loopback/security](./security.md) > [Permission](./security.permission.md) ## Permission class `Permission` defines an action/access against a protected resource. It's the `what` for security. There are three levels of permissions - Resource level (Order, User) - Instance level (Order-0001, User-1001) - Property level (User-0001.email) Signature: ```typescript export declare class Permission ``` ## Example - create a user (action: create, resource type: user) - read email of a user (action: read, resource property: user.email) - change email of a user (action: update, resource property: user.email) - cancel an order (action: delete, resource type: order) ## Properties | Property | Modifiers | Type | Description | | --- | --- | --- | --- | | [\[securityId\]](./security.permission._securityid_.md) | | string | | | [action](./security.permission.action.md) | | string | Action or access of a protected resources, such as <code>read</code>, <code>create</code>, <code>update</code>, or <code>delete</code> | | [resourceId?](./security.permission.resourceid.md) | | string | (Optional) Identity of a protected resource instance, such as <code>order-0001</code> or <code>customer-101</code> | | [resourceProperty?](./security.permission.resourceproperty.md) | | string | (Optional) Property of a protected resource type/instance, such as <code>email</code> | | [resourceType](./security.permission.resourcetype.md) | | string | Type of protected resource, such as <code>Order</code> or <code>Customer</code> |