That's my challenge: my Object repository is already defined externally and I am trying to integrate my content with it.
Also, this approach would work for a standard role but may face scalability issues:
Check if a user is allowed to redeem a coupon if:
1- He/she belongs to the silver tier
2- He/she can redeem a coupon if the coupon is for products A, B, C but not D
3- As a silver tier member, allow the redeem action for subscriber members only
It becomes challenging to create this sort of authorization data model. Please let me know if I am missing anything.
While the requirements 1 and 3 could be implemented by permissions on a certain operation object in the repository, (2) is much harder to implement.
I could imagine that /content/actions/redeem-a-coupon/product-A could be done and then you would need additional permissions on the product-A resource; but I am not sure if this approach scales to your requirements (for example if you have 1000s of products) and also if you have more AND or OR relations with other constraints.
But I think that's the point where you need to think about a different way to represent your logic. And then maybe the AEM-native capabilities are not a good match anymore.
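To make the scaling point concrete, here is an added example (not code from the thread or from AEM) that evaluates the three coupon rules as an attribute-based policy in one function, and beside it counts how many path-based entries the same rules would need under the hypothetical /content/actions/redeem-a-coupon/product-X layout mentioned above. Rule 3 is read here as "a silver member may redeem only if they are also a subscriber"; that reading, the User/Coupon fields and the tier names are assumptions.

```python
"""Added example: rule-based coupon authorization vs. per-path permissions."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Rule 2: explicit allow-list, so D (and any product not listed) is denied by default.
ALLOWED_PRODUCTS: FrozenSet[str] = frozenset({"A", "B", "C"})


@dataclass(frozen=True)
class User:
    tiers: FrozenSet[str]   # e.g. {"silver"}; assumed attribute name
    subscriber: bool        # assumed attribute name


@dataclass(frozen=True)
class Coupon:
    product: str            # single-letter product id, constructed for the example


def can_redeem(user: User, coupon: Coupon) -> bool:
    """Evaluate rules 1-3 as one AND expression; every branch defaults to deny."""
    if "silver" not in user.tiers:          # Rule 1: silver tier membership
        return False
    if coupon.product not in ALLOWED_PRODUCTS:  # Rule 2: A, B, C allowed, D not
        return False
    return user.subscriber                  # Rule 3 (assumed reading): subscribers only


def path_based_entries(products: Iterable[str], tiers: Iterable[str]) -> List[str]:
    """Permission entries a path-per-product model would need: one per
    (tier, product) pair, so the list grows with tiers x products."""
    return [
        f"/content/actions/redeem-a-coupon/product-{p}#{t}"
        for t in tiers for p in products
    ]


if __name__ == "__main__":
    alice = User(tiers=frozenset({"silver"}), subscriber=True)   # constructed
    print(can_redeem(alice, Coupon("A")), can_redeem(alice, Coupon("D")))
    print(len(path_based_entries("ABC", ["silver", "gold"])), "path entries")
```

Adding a fourth product or a second tier changes one set or one argument in the rule version, but adds a row of entries in the path version, which is the growth the reply warns about.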