Authorization & RBAC
Role-based access control, custom guards, decorators, permissions, resource ownership
1What is RBAC (Role-Based Access Control)?
What is RBAC (Role-Based Access Control)?
답변
RBAC is an access control system that grants permissions to users based on their roles. Instead of managing permissions individually for each user, RBAC groups permissions into roles (e.g., ADMIN, USER, MANAGER) and assigns these roles to users. This simplifies access management in applications, particularly useful in NestJS with custom guards and metadata decorators.
2What is the difference between authentication and authorization?
What is the difference between authentication and authorization?
답변
Authentication verifies the user's identity (who are you?), typically via login/password or JWT token. Authorization verifies the user's permissions (what can you do?), controlling access to resources based on roles or permissions. In NestJS, authentication often uses JwtAuthGuard, while authorization uses custom guards like RolesGuard to check access rights.
3Which NestJS decorator allows creating a custom guard?
Which NestJS decorator allows creating a custom guard?
답변
To create a custom guard in NestJS, create a class decorated with @Injectable() that implements the CanActivate interface. This interface requires the canActivate(context: ExecutionContext) method that returns a boolean or Promise. The guard can then be applied to routes with @UseGuards(). This architecture allows injecting dependencies (services, repositories) into the guard to perform complex validations.
In RBAC, what does a 'permission' represent?
How to attach a guard to a controller in NestJS?
+17 면접 질문