Skip to content

Series

Authorization in Practice

Ongoing · 1 part in engineering

Who can do what, and how you prove it — roles vs attributes, policy tests that hold the line, multi-tenant isolation, audit trails, and what happens when permissions become a graph.

  1. 1 RBAC vs ABAC: Roles, Attributes, and Where Each One Breaks RBAC answers 'what kind of user is this'; ABAC answers 'can this user do this thing, right now, to this row.' Where role checks stop scaling, where attribute policies get hard to audit, and the hybrid every real app lands on — with Laravel examples.