Matching of access claims

Sandy · June 10, 2025, 12:49pm

If I have two access claims like this:

            Map.of(
                "permissions", Set.of("read", "write", "admin"),
                "roles", Set.of("user", "admin")
            )

Then for the access to be allowed I must have one of each in my actual claims

Map.of(
            "permissions", Set.of("read"),
            "roles", Set.of("other")

Should not work, correct?

jean · June 10, 2025, 1:01pm

Hi Sandy,

You are correct, the suggested user claims should not allow the user to access the protocol with mentioned party.

The party models behaves the following way:

All claim keys in a party (both in the entity and access) need to be present in the user’s claims.
For each claim key in the access section, at least one of the values need to be present in the user claims.
For each claim key in the entity section, all the values need to be present in the user claims.

Topic		Replies	Views
Simple authorization scheme Noumena Runtime question	1	21	June 4, 2025
Migration - add claims to protocol instances NPL Migrations party , question	4	55	April 22, 2025
Restrict Protocol creation Noumena Protocol Language party , feature-request	3	75	April 22, 2025
Party meta-data Noumena Runtime party , feature-request	1	49	November 5, 2024
How to make sure every party agrees to protocol Noumena Protocol Language	3	53	June 4, 2025