Casbin Rbac with Resource scope

[rahulsharma0525]

Hello Community

I am trying to implement an internal authz system for an internal product. It should support multitenancy because the product may expand as an external solution.

my scenario is role reuse with different scopes within same tenant

example:

user1 --> reader-> resource1-->tenant1
user2 --> reader-> resource2-->tenant1

How to I implement this in casbin. I am aware casbin supports Rbac but if I just follow the rbac model I cannot assign role without affecting user1 scope. In the below example because I assigned user2 reader role and if I need to access resource2 I will have to increase reader role scope which also increases scope for user1. How do I keep them independent and still reuse role. This is pretty much the model used in Azure Rbac.

p, reader1, tenant1, resource1, read
p, reader1, tenant1, resource2, read

g user1, reader
g user2, reader

Thanks
Rahul

[hsluoyz]

@rahulsharma0525 see the code here: #1590