How does this skill handle the Principle of Least Privilege?

The skill is built on a 'default deny' strategy, meaning users are granted the minimum permissions necessary for their tasks and all requests must be explicitly validated before access is granted.

What is the difference between RBAC and ABAC in this skill?

RBAC assigns permissions to roles (e.g., Admin or User), while ABAC uses specific attributes—such as resource ownership, time of day, or IP address—to make more granular access decisions.

Can I use this skill with frameworks other than Fastify?

Yes. While the middleware examples are shown for Fastify, the core logic for role definitions, permission checking, and policy evaluation is written in standard TypeScript and can be easily adapted for Express, NestJS, or Koa.

Does this include authentication logic?

No, this skill focuses specifically on authorization (determining what an identified user is allowed to do) rather than authentication (verifying who a user is).

Authorization Patterns & Access Control

Name: Authorization Patterns & Access Control
Author: IvanTorresEdge

byIvanTorresEdge

0•

Security & Testing

Implement robust RBAC and ABAC security patterns for Node.js applications using industry best practices.

This skill provides comprehensive patterns and implementation guides for securing applications through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). It facilitates the creation of permission guards, authorization middleware, and centralized policy definitions, ensuring your software adheres to the principle of least privilege. Ideal for developers building RESTful APIs or complex backend systems, it offers ready-to-use TypeScript examples for defining roles, checking permissions, and managing resource-level access while maintaining a 'default deny' security posture.

Key Features

010 GitHub stars

02Centralized permission and policy management

03Attribute-Based Access Control (ABAC) logic

04Fastify-compatible authorization middleware

05Scope-based authorization patterns

06Role-Based Access Control (RBAC) implementation

Use Cases

01Protecting API endpoints based on hierarchical user roles

02Implementing owner-only resource modification logic

03Setting up environment-specific or time-based access rules

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ivantorresedge/molcajete.ai authorization-patterns

For use in Claude.ai and ChatGPT

Download Skill