2020-10-02
1124
#node
Godwin Ekuma
26047
Oct 2, 2020 â‹… 4 min read

How to use AccessControl for RBAC and ABAC in Node.js

Godwin Ekuma I learn so that I can solve problems.

Recent posts:

Glowing 3D cube with the MediaPipe and React logos overlaid, symbolizing integration of AI and web development

How to build better AI apps in React with MediaPipe’s latest APIs

Learn how to integrate MediaPipe’s Tasks API into a React app for fast, in-browser object detection using your webcam.

Emmanuel John
Jul 17, 2025 â‹… 10 min read
Vercel AI SDK logo on a 3D black grid background

How to build unified AI interfaces using the Vercel AI SDK

Integrating AI into modern frontend apps can be messy. This tutorial shows how the Vercel AI SDK simplifies it all, with streaming, multimodal input, and generative UI.

Ikeh Akinyemi
Jul 16, 2025 â‹… 13 min read
how to prepare for a software engineering interview

How to prep for a software dev interview: Advice from a dev leader

Interviewing for a software engineering role? Hear from a senior dev leader on what he looks for in candidates, and how to prepare yourself.

Andrew Evans
Jul 16, 2025 â‹… 12 min read
Next.js Real-Time Video Streaming: HLS.js And Alternatives

Next.js real-time video streaming: HLS.js and alternatives

Set up real-time video streaming in Next.js using HLS.js and alternatives, exploring integration, adaptive streaming, and token-based authentication.

Jude Miracle
Jul 15, 2025 â‹… 19 min read
View all posts

2 Replies to "How to use AccessControl for RBAC and ABAC in Node.js"

  1. I’m glad I found this, thanks Godwin!

    Few comments/questions:
    – AccessControl was last published in February 2018. Is it still active?
    – I was confused until I realized that “post” was a resource and not a route or http method. It would be less confusing if the example resource was “article” or “video.”
    – At the beginning it states “A user can have multiple roles” but the example with Express contains “ac.can(req.user.role).readAny(‘post’)”. Can req.user.role be an array of roles?
    – There is a JSON typo: ‘read:any’: [‘*’, ‘!id]

Leave a Reply