{"id":17506207,"url":"https://github.com/64j0/authz-sql-poc","last_synced_at":"2026-02-03T03:38:30.819Z","repository":{"id":258436511,"uuid":"873908677","full_name":"64J0/authz-sql-poc","owner":"64J0","description":"Authz system POC using SQL","archived":false,"fork":false,"pushed_at":"2024-10-18T19:13:37.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-10T04:47:07.716Z","etag":null,"topics":["authz","fsharp","sql"],"latest_commit_sha":null,"homepage":"","language":"F#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/64J0.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-16T23:43:04.000Z","updated_at":"2024-10-18T19:13:41.000Z","dependencies_parsed_at":"2024-10-21T18:02:45.163Z","dependency_job_id":null,"html_url":"https://github.com/64J0/authz-sql-poc","commit_stats":null,"previous_names":["64j0/authz-sql-poc"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/64J0%2Fauthz-sql-poc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/64J0%2Fauthz-sql-poc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/64J0%2Fauthz-sql-poc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/64J0%2Fauthz-sql-poc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/64J0","download_url":"https://codeload.github.com/64J0/authz-sql-poc/tar.gz/refs/heads/mast
er","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248334499,"owners_count":21086405,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authz","fsharp","sql"],"created_at":"2024-10-20T03:14:37.127Z","updated_at":"2026-02-03T03:38:30.786Z","avatar_url":"https://github.com/64J0.png","language":"F#","readme":"#+TITLE: AuthZ POC\n#+DATE: [2024-10-14 seg]\n\nThis repository holds the code of a POC showing how an authorization (~authz~)\nsystem could be implemented using PostgreSQL (~SQL~). This system was inspired\nby Microsoft Azure's Role-Based Access Control (~RBAC~) structure.\n\n+ tenant -\u003e resource_group -\u003e { virtual_machine, blob_storage, managed_k8s }\n\n** How to use\n\n#+BEGIN_SRC bash\n  make start-db\n  \n  make migrate\n\n  # open your dbms and connect to the database\n  # there's a connection string in the F# code\n#+END_SRC\n\nAfter setting up the project, you can run queries like this to verify the\nauthorization rules:\n\n#+BEGIN_SRC sql :tangle no\n  -- GET ALL MEMBERS OF A TENANT\n  select distinct U.EMAIL\n  from USERS as U\n  join TENANT_USER_PERMISSIONS as TU\n  on TU.EMAIL = U.EMAIL\n  join TENANTS as T\n  on T.ID = TU.TENANT\n  where T.NAME = 'Microsoft';\n\n  -- =====================================================\n  -- CHECK IF THE USER HAS A PERMISSION ON A TENANT\n  -- CASE: FALSE\n  select COUNT(U.EMAIL)\n  from USERS as U\n  join TENANT_USER_PERMISSIONS as TU\n  on TU.EMAIL = U.EMAIL\n  join TENANTS as T\n  on T.ID = TU.TENANT\n  where\n  \tT.NAME = 'Microsoft'\n  \tand TU.PERMISSION = 'Admin'\n  
\tand U.EMAIL = 'joe@gmail.com';\n\n  -- CASE: TRUE\n  select COUNT(U.EMAIL)\n  from USERS as U\n  join TENANT_USER_PERMISSIONS as TU\n  on TU.EMAIL = U.EMAIL\n  join TENANTS as T\n  on T.ID = TU.TENANT\n  where\n  \tT.NAME = 'Microsoft'\n  \tand TU.PERMISSION = 'Admin'\n  \tand U.EMAIL = 'john@gmail.com';\n\n  -- =====================================================\n  -- GET ALL MEMBERS OF A RESOURCE GROUP\n  select distinct(EMAIL)\n  from\n  (\n  \tselect U.EMAIL\n  \tfrom USERS as U\n  \tjoin TENANT_USER_PERMISSIONS as TU\n    \t  on TU.EMAIL = U.EMAIL\n  \tjoin TENANTS as T\n    \t  on T.ID = TU.TENANT\n  \tjoin RESOURCE_GROUPS as RG\n    \t  on RG.TENANT_OWNER = T.ID\n  \twhere\n  \t\tRG.NAME = 'rg-amaz-project-01'\n  \t\tand TU.PERMISSION = 'Admin'\n  ) -- admins at the tenant level are members of the resource group\n  union \n  (\n  \tselect U.EMAIL\n  \tfrom USERS as U\n  \tjoin RESOURCE_GROUP_USER_PERMISSIONS as RGU\n  \ton RGU.USER_EMAIL = U.EMAIL\n  \tjoin RESOURCE_GROUPS as RG\n  \ton RG.ID = RGU.RESOURCE_GROUP\n  \twhere\n  \t\tRG.NAME = 'rg-amaz-project-01'\n  );\n#+END_SRC\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F64j0%2Fauthz-sql-poc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F64j0%2Fauthz-sql-poc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F64j0%2Fauthz-sql-poc/lists"}