Skip to content

Resources

In Just Auth, resources are the entities that you want to protect with access policies. Each resource represents a specific data access point or system that you want to control and audit.

Resource Structure

A resource in Just Auth consists of the following components:

  1. Name: A unique identifier for the resource.
  2. URI Regex Pattern: A regular expression that matches the URI of the resource.
  3. Associated Policies: A set of policies that are applied to the resource.
  4. Policy Evaluation Mode: Determines whether ALL or ANY of the associated policies need to pass for access to be allowed.
  5. Type: Categorizes the resource (e.g., GCP_RESOURCE, AWS_RESOURCE).

Note: Both the resource type and the URI regex match are available within the policies for use in access control decisions. For more information on how to use these in policies, refer to the Policies documentation.

Resource Hierarchy

Resources in Just Auth are organized in a tree structure. This hierarchical organization allows for efficient management and inheritance of properties:

  1. Resources can have parent-child relationships.
  2. Child resources inherit policies and types from their parents.
  3. Inherited properties can be overridden at the child level if needed.
  4. Deletion of a parent resource automatically deletes all its child resources.

This structure enables you to define broad policies at higher levels and more specific policies at lower levels of the resource tree.

Resource Types

Resources are categorized into types, such as:

  • GCP_RESOURCE
  • AWS_RESOURCE
  • CLI_RESOURCE
  • DATABASE_RESOURCE

These types help in organizing and applying relevant policies to similar resources.

Privilege Levels

Resource types also have an associated privilege level(0-9) with 0 being least privileged and 9 the most.

Policy and Type Inheritance

  1. Policies defined at a parent resource are automatically applied to all its child resources.
  2. The resource type is inherited from the parent unless explicitly overridden.
  3. Child resources can add additional policies or override inherited ones.

This inheritance model allows for efficient policy management across your resource tree.

Resource Presets

Just Auth provides a number of resource presets for common systems used to access data. These presets can be used as-is or customized to fit your specific needs. Presets are available for various categories of systems:

Cloud Platforms

  • Google Cloud Platform (GCP)
  • Amazon Web Services (AWS)

CRM and Marketing Platforms

  • HubSpot

Productivity Suites

  • Office 365
  • Google Workspace

These presets provide a starting point for protecting common systems. You can customize the policies and evaluation mode to fit your organization's specific security requirements.