ABP Framework's built-in RBAC handles type-level permissions but cannot restrict access to individual resource instances. Resource-Based Authorization solves this by binding permissions to specific entity instances (e.g., a single book). Setup involves defining resource permissions with `AddResourcePermission`, wiring up a built-in UI modal for administrators to grant/revoke access per resource, and calling `AuthorizationService.CheckAsync` or `IsGrantedAsync` in application services to enforce those permissions at runtime. A cleanup step using `_resourcePermissionManager.DeleteAsync` is also required when deleting resources to avoid orphaned permission records.
Table of contents
How It WorksSetting It UpChecking Permissions in CodeDon't Forget to Clean UpSummaryReferencesSort: