Skip to main content

Resources

Resources are the things you want to protect — documents, dashboards, API endpoints, database records, or anything else.

Resource types

Before creating resources, define a resource type. A resource type is a blueprint that specifies:

  • Name — The category (e.g., document, dashboard, contact)
  • Actions — What can be done with this type (e.g., read, write, delete, share)
  • Attribute definitions — Expected attributes on resources of this type (optional)

Example resource type:

{
"name": "document",
"actions": ["read", "write", "delete", "share"],
"attribute_definitions": [
{ "key": "classification", "type": "string" },
{ "key": "department", "type": "string" }
]
}

When you define attribute definitions on a resource type, the console auto-populates a dropdown when editing resources of that type and when building ABAC conditions.

Resources

A resource is a specific instance of a resource type — Engineering Wiki is a resource of type document, invoice-8821 is a resource of type invoice. Resources can be referenced by UUID or by type + name; name-based lookup avoids hardcoding IDs in your code.

Resource attributes in conditions

Resource attributes can be used in ABAC conditions to create fine-grained policies — for example, matching only resources where classification equals confidential, or comparing the resource's department against the subject's department.

Attributes stored on a resource are automatically included when Vengtoo evaluates an access request for it. You can also pass attributes in the request body — request-provided values take precedence over stored values.