Resources
Resources are the things you want to protect — documents, dashboards, API endpoints, database records, or anything else.
Resource types
Before creating resources, define a resource type. A resource type is a blueprint that specifies:
- Name — The category (e.g.,
document,dashboard,contact) - Actions — What can be done with this type (e.g.,
read,write,delete,share) - Attribute definitions — Expected attributes on resources of this type (optional)
Example resource type:
{
"name": "document",
"actions": ["read", "write", "delete", "share"],
"attribute_definitions": [
{ "key": "classification", "type": "string" },
{ "key": "department", "type": "string" }
]
}
When you define attribute definitions on a resource type, the console auto-populates a dropdown when editing resources of that type and when building ABAC conditions.
Resources
A resource is a specific instance of a resource type — Engineering Wiki is a resource of type document, invoice-8821 is a resource of type invoice. Resources can be referenced by UUID or by type + name; name-based lookup avoids hardcoding IDs in your code.
Resource attributes in conditions
Resource attributes can be used in ABAC conditions to create fine-grained policies — for example, matching only resources where classification equals confidential, or comparing the resource's department against the subject's department.
Attributes stored on a resource are automatically included when Vengtoo evaluates an access request for it. You can also pass attributes in the request body — request-provided values take precedence over stored values.
Related
- ABAC Conditions — Using resource attributes in policy conditions.
- Policies — Assigning policies to resources.
- Namespaces — Resources belong to a namespace.