Data Permissions

We have two solutions for data permissions (filtering). Using implicit assignment APIs. Or just use BatchEnforce() API.

1. Query implicit roles or permissions

When a user inherits a role or permission via RBAC hierarchy instead of directly assigning them in a policy rule, we call such type of assignment as implicit. To query such implicit relations, you need to use these 2 APIs: GetImplicitRolesForUser() and GetImplicitPermissionsForUser instead of GetRolesForUser() and GetPermissionsForUser. For more details, please see this GitHub issue.

2. Use `BatchEnforce()`

BatchEnforce enforces each request and returns result in a bool array

For example:

boolArray, err := e.BatchEnforce(requests)

1. Query implicit roles or permissions

2. Use BatchEnforce()

2. Use `BatchEnforce()`