Skip to main content

Advanced

Audit logging

Capture access checks and changes (upserts/deletes) by registering a custom audit sink.

using PrimusSaaS.Rbac;

public sealed class ConsoleRbacAuditSink : IRbacAuditSink
{
    public void Record(RbacAuditEvent auditEvent)
    {
        Console.WriteLine($"{auditEvent.Timestamp:o} {auditEvent.EventType} {auditEvent.TargetType}:{auditEvent.TargetId}");
    }
}

builder.Services.AddSingleton<IRbacAuditSink, ConsoleRbacAuditSink>();

Role hierarchy (multiple parents)

By default, RBAC uses a strict tree (a role can inherit from a single parent). If you need multiple parents, enable it in configuration.

{
  "Rbac": {
    "AllowMultipleInheritance": true
  }
}

Condition operators

These operators are supported for permission conditions:

eq, equals, =
ne, neq, not_equals, !=
in
contains
starts_with
ends_with
gt, gte, ge
lt, lte, le
exists, not_exists

Audit logging
Role hierarchy (multiple parents)
Condition operators