tl;dr: Authorization in a microservices environment becomes more complex. You need to think about: (1) Storing the data: should your authorization data live with application data, or in a separate service? (2) Accessing the data: if the data is separated, how do you bring it together to make the authorization decision? (3) Modeling the data: if authorization data and application data can be the same, how do you find the right format (i.e., data model) that fits all use cases? Read on to learn more.
tl;dr: RBAC isn't an authorization model; it's a collection of authorization models, and you can apply more or less granularity for roles depending on the needs of your application. Learn about the 10 types of authorization and go a level deeper than the standard abstractions of RBAC, ABAC and ReBAC.
tl;dr: The authorization abstractions of RBAC, ABAC and ReBAC don't give engineers the level of detail required to meet the needs of your application. Learn about the 10 types of authorization and go a level deeper than the standard definitions of RBAC, ABAC and ReBAC.