How to wrap user roles in a separate protected file?

I

Ivan Stroykin2017-07-12 11:40:34

Angular

Ivan Stroykin, 2017-07-12 11:40:34

Good day,
The application has roles for which I have registered access to both sections and certain parts of the section. Everything works well, but when changing accesses or adding / removing a role, running through all the files is not "ice". Therefore, I decided to put all the roles in JSON so that you can easily make changes in one place. So far, only storing the file in assets came to mind, or taking it when initializing the application from the backend (preferably). But if you use JSON, then it will be in the public domain and easy to change (too easy). Does anyone have any ideas on how to wrap this up better? Maybe some kind of encryption? Thanks

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Blyshko, 2017-07-12
@StivinKing

In the general case, the problem of access control is solved on the backend - directly at the data access level.
If this is done, json will also work on the front - if the attacker replaces it, he will not receive profit from this - even if he enters the closed section, he still cannot do anything.