I still wonder how to build a scheme for something like the below:
I have permissions for different microservices, which are defined using role, resource, and scope:
ResourceA, ResourceB, ResourceC
Each resource has scopes:
ResourceA => ScopeA1, ScopeA2, ScopeA3
ResourceB => ScopeB1, ScopeB2
ResourceC => ScopeC1, ScopeC2
Each user has a role/group, and each role has access to resource-scope pairs which are defined for that microservice.
For example:
UserA has RoleA
RoleA can access ResourceA with ScopeA1
So I can check that the permission is: UserA can access ResourceA with ScopeA1 (which is true because the user has role RoleA)
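
The model described in the post above, sketched as an added example (not code from the original post or from any particular authorization product). The resource, scope, role and user names come from the post; the `Policy` class, its method names and the in-memory layout are assumptions made for illustration.

```python
# Added example: names mirror the post; Policy and its methods are hypothetical.
from dataclasses import dataclass, field

# Scopes each resource defines (taken from the post).
RESOURCE_SCOPES = {
    "ResourceA": {"ScopeA1", "ScopeA2", "ScopeA3"},
    "ResourceB": {"ScopeB1", "ScopeB2"},
    "ResourceC": {"ScopeC1", "ScopeC2"},
}

@dataclass
class Policy:
    role_grants: dict = field(default_factory=dict)  # role -> {(resource, scope)}
    user_roles: dict = field(default_factory=dict)   # user -> {role}

    def grant(self, role, resource, scope):
        # Refuse pairs the resource does not define, so a typo never becomes a grant.
        if scope not in RESOURCE_SCOPES.get(resource, set()):
            raise ValueError(f"{scope} is not a scope of {resource}")
        self.role_grants.setdefault(role, set()).add((resource, scope))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def is_allowed(self, user, resource, scope):
        # Deny by default: unknown user, role, resource or scope all yield False.
        if scope not in RESOURCE_SCOPES.get(resource, set()):
            return False
        return any((resource, scope) in self.role_grants.get(role, set())
                   for role in self.user_roles.get(user, set()))

def build_example_policy():
    # The single grant and assignment given in the post.
    policy = Policy()
    policy.grant("RoleA", "ResourceA", "ScopeA1")
    policy.assign("UserA", "RoleA")
    return policy

if __name__ == "__main__":
    p = build_example_policy()
    print(p.is_allowed("UserA", "ResourceA", "ScopeA1"))  # True
    print(p.is_allowed("UserA", "ResourceA", "ScopeA2"))  # False
```

The check is an exact match on the (resource, scope) pair, so holding ScopeA1 implies nothing about ScopeA2 or about any other resource.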