2020-10-02
1124
#node
Godwin Ekuma
26047
Oct 2, 2020 â‹… 4 min read

How to use AccessControl for RBAC and ABAC in Node.js

Godwin Ekuma I learn so that I can solve problems.

Recent posts:

designing llm first products

Designing LLM-first products, not just features

Everyone’s building chat-first AI products. And most of them suck. Here’s how to break the mold and ship LLM-native software that actually solves problems.

Rosario De Chiara
May 30, 2025 â‹… 4 min read
Build A React AI Image Generator With Hugging Face Diffusers

Build a React AI image generator with Hugging Face Diffusers

Build a React-based AI image generator app offline using the Hugging Face Diffusers library and Stable Diffusion XL.

Andrew Baisden
May 29, 2025 â‹… 10 min read
Gemini 2.5 and the future of AI reasoning for frontend devs

Gemini 2.5 and the future of AI reasoning for frontend devs

Get up to speed on Google’s latest breakthrough with the Gemini 2.5 model and what it means for the future of frontend AI tools.

Chizaram Ken
May 29, 2025 â‹… 5 min read
Exploring The Top Rust Web Frameworks

Exploring the top Rust web frameworks

In this article, we’ll explore the best Rust frameworks for web development, including Actix Web, Rocket, Axum, warp, Leptos, Cot, and Loco.

Abiodun Solomon
May 28, 2025 â‹… 11 min read
View all posts

2 Replies to "How to use AccessControl for RBAC and ABAC in Node.js"

  1. I’m glad I found this, thanks Godwin!

    Few comments/questions:
    – AccessControl was last published in February 2018. Is it still active?
    – I was confused until I realized that “post” was a resource and not a route or http method. It would be less confusing if the example resource was “article” or “video.”
    – At the beginning it states “A user can have multiple roles” but the example with Express contains “ac.can(req.user.role).readAny(‘post’)”. Can req.user.role be an array of roles?
    – There is a JSON typo: ‘read:any’: [‘*’, ‘!id]

Leave a Reply