Connectum API Reference / @connectum/auth / AuthzRule

Interface: AuthzRule

Defined in: packages/auth/src/types.ts:81

Authorization rule definition.

When a rule has requires, the match semantics are:

• roles: "any-of" -- the user must have at least one of the listed roles.
• scopes: "all-of" -- the user must have every listed scope.

Properties

effect

readonly effect: AuthzEffect

Defined in: packages/auth/src/types.ts:87

Effect when rule matches

---

methods

readonly methods: readonly string[]

Defined in: packages/auth/src/types.ts:85

Method patterns to match (e.g., "admin.v1.AdminService/*", "user.v1.UserService/DeleteUser")

---

name

readonly name: string

Defined in: packages/auth/src/types.ts:83

Rule name for logging/debugging

---

requires?

readonly optional requires: object

Defined in: packages/auth/src/types.ts:94

Required roles/scopes for this rule.

• roles uses "any-of" semantics: user needs at least one of the listed roles.
• scopes uses "all-of" semantics: user needs every listed scope.

roles?

readonly optional roles: readonly string[]

scopes?

readonly optional scopes: readonly string[]