PermissionsRegistryService.addResourceType()
Home > @backstage/backend-plugin-api > PermissionsRegistryService > addResourceType
Add a new resource type that is owned by this plugin to the permission system.
Signature:
addResourceType<const TResourceType extends string, TResource>(options: PermissionsRegistryServiceAddResourceTypeOptions<TResourceType, TResource>): void;
Parameters
|
Parameter |
Type |
Description |
|---|---|---|
|
options |
PermissionsRegistryServiceAddResourceTypeOptions<TResourceType, TResource> |
void
Remarks
To make this concrete, we can use the Backstage software catalog as an example. The catalog has conditional rules around access to specific _entities_ in the catalog. The _type_ of resource is captured here as resourceType, a string identifier (catalog-entity in this example) that can be provided with permission definitions. This is merely a _type_ to verify that conditions in an authorization policy are constructed correctly, not a reference to a specific resource.
The rules parameter is an array of PermissionRules that introduce conditional filtering logic for resources; for the catalog, these are things like isEntityOwner or hasAnnotation. Rules describe how to filter a list of resources, and the conditions returned allow these rules to be applied with specific parameters (such as 'group:default/team-a', or 'backstage.io/edit-url').
The getResources argument should load resources based on a reference identifier. For the catalog, this is an [entity reference](https://backstage.io/docs/features/software-catalog/references\#string-references). For other plugins, this can be any serialized format. This is used to add a permissions registry API via the HTTP router service. This API will be called by the permission-backend when authorization conditions relating to this plugin need to be evaluated.