To build my own app, I want to get some knowledge of how to implement ABAC or any role-based permission for my controllers.
For example profile will be available for all, but setting will be available for Admin only, and for example sales will be for Sales and Admins.
Where can I see a good example or guide to implement that in my code?
#Is there any guide to implementing Attribute-Based Access Control (ABAC) with Permissions in NestJS?
abac is a little bit more complex than your typical role check
nest has a guide implementing casl
if this lib isn't your cup of tea
here are some alternatives
where i find casbin pretty interesting in particular
There is a very interesting repository that shows an example of integrating NestJS with ABAC, you can see it here
Thank you for making things clear, I was confused and you cleared my goal.
I'm looking for RBAC, and not ABAC, which is the example of casl you provided.
But seems the guard is a different module than auth, and this example does not provide a complete guide on how to use the passport recipe (https://docs.nestjs.com/recipes/passport#customize-passport) with RBAC
Glad to hear i could help
I can see your confusion,
All these names that look alike
I mess them up as well from time to time
rbac and abac are part of authorization
(Checking permissions)
Passport is authentication
(Logging in)
If you are looking for rbac i can send a few suggestions but the most simple one is storing a user role in the database
It is kinda late now, i will continue later feel free to ask
Hi
During the part of:
const { user } = context.switchToHttp().getRequest();
In here: https://docs.nestjs.com/security/authentication
We assume the client will use user in the header? I'm not sure why this field is empty in my case, I'm only debugging with Postman currently.