Prisma

Are there any blueprints/best practices for implementing RBAC/ABAC access authorization on a database level for Prisma (e.g. as part of schema definitions or query interceptors)?

I haven't tried it yet, but this is the best thing out there for nodejs according to my knowledge:

<https://casl.js.org/v5/en>

I don't think theres much you can do beyond adding a `Role` enum or some other role/tag. You can add hooks to prisma with `prisma.$use`  if you'd like

Personally I am not sure it's right to mix your DAL with your permission logic, but I'm sure you made your business considerations

in continuation with Omar above me, casl has a <https://casl.js.org/v5/en/package/casl-prisma|prisma plugin>

<@UUEG03LHF>, <@U03BQD9EGG5> Thank you both, I definitely will look into CASL. I already also have <https://github.com/casbin/node-casbin|Casbin> and <https://github.com/simon-barton/node-abac|node-abac> on my radar, but having a Prisma plugin available as for CASL looks interesting.

Hey Rainer :wave:

Just to add to what Omar and Yuval suggested, you should have a look at <http://cerbos.dev|cerbos.dev> as well, they have a <https://cerbos.dev/ecosystem/cerbos-prisma|Prisma integration> which could be beneficial for you.