permission-boundary-modeling
CommunityDesign secure object-level authorization.
Authormachenjie
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Prevents privilege escalation, cross-tenant data leakage, IDOR vulnerabilities, and overly broad service account permissions by modeling authorization as explicit subject × resource × action × condition rules enforced server-side.
Core Features & Use Cases
- Object-level authorization modeling: Defines authorization using tenant isolation, resource ownership/scope, lifecycle state constraints, and trusted server-side condition evaluation.
- Deny semantics without data disclosure: Specifies when to return 404 vs 403 to avoid confirming whether restricted resources exist.
- Auditable enforcement guidance: Requires authorization decisions and high-risk mutations to emit append-only audit events including subject, tenant, resource, action, and request context.
Quick Start
Use permission-boundary-modeling to map a proposed API or role/permission change into a complete authorization and enforcement plan that your backend team can implement with correct 404/403 behavior and auditable decisions.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: permission-boundary-modeling Download link: https://github.com/machenjie/rd-skills/archive/main.zip#permission-boundary-modeling Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.