authorization
Build secure access control with RBAC, ABAC, permissions, policies, and scope-based authorization.
Install via ClawdBot CLI:
clawdbot install ivangdavila/authorization
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://clawic.com/skills/authorization
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A company building a multi-tenant SaaS application needs to control user access across different organizations and roles. This skill helps implement RBAC for organizational hierarchies and ABAC for dynamic context-based rules, ensuring secure access control for features like document editing and team management.
A healthcare provider requires strict access control to patient records based on roles (e.g., doctors, nurses) and dynamic policies (e.g., emergency access). This skill supports scope-based authorization to enforce privacy regulations like HIPAA, allowing permissions such as 'records:view:own' or 'records:edit:team'.
An online retailer needs to manage permissions for staff handling orders, inventory, and customer support. Using this skill, they can design role hierarchies (e.g., admin, manager, support) with clear permission naming like 'orders:update:all' to prevent unauthorized changes and audit access logs.
A team collaboration platform requires fine-grained access control for document sharing and editing based on user relationships. This skill enables ReBAC patterns for social graphs and ABAC for dynamic rules, ensuring users can only edit documents that they own or that are shared within their team.
Companies offer tiered subscription plans with different access levels (e.g., free, premium, enterprise). This skill helps implement permission-based features, allowing upselling through enhanced roles and policies while maintaining security with server-side verification.
Agencies or freelancers use this skill to build secure authorization systems for clients in industries like finance or healthcare. They charge for design, implementation, and auditing services, leveraging the skill's patterns to reduce development time and ensure compliance.
Developers release the authorization skill as open-source to build community trust, then monetize through paid support, training, or enterprise features. This model attracts users who need reliable access control but require assistance with complex ABAC implementations.
💬 Integration Tip
Start with simple RBAC for basic role hierarchies, then gradually introduce ABAC for dynamic rules; always verify permissions server-side to avoid security vulnerabilities from frontend-only checks.
Scored Apr 18, 2026
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
gws CLI: Shared patterns for authentication, global flags, and output formatting.
Set up Gmail API access via gog CLI with manual OAuth flow. Use when setting up Gmail integration, renewing expired OAuth tokens, or troubleshooting Gmail authentication on headless servers.
Automate OAuth login flows with user confirmation via Telegram. Supports 7 providers: Google, Apple, Microsoft, GitHub, Discord, WeChat, QQ. Features:
- Auto-detect available OAuth options on login pages
- Ask user to choose via Telegram when multiple options exist
- Confirm before authorizing
- Handle account selection and consent pages automatically
Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js. Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits, Expo crashes, additionalFields bugs.
OAuth token refresh management for Google APIs via gog CLI.