IStrictOptions
Defined in: src/types/IAccessControlOptions.ts:18
Strict-mode switches. policy.strict may also be a boolean: true =
all on, false = all lenient.
Properties
Section titled “Properties”checks?
Section titled “checks?”
optionalchecks?:boolean
Defined in: src/types/IAccessControlOptions.ts:25
Governs own checks when a resolver IS configured but ownership can’t be
verified — record/owner missing. true (default): deny (secure).
false: v2 behavior — resolve the own attribute set, ownership left to
the consumer. (With no resolver configured, own is never gated.)
roles?
Section titled “roles?”
optionalroles?:boolean
Defined in: src/types/IAccessControlOptions.ts:31
Throw on an unknown role at check time. true (default) matches
the existing throw-on-unknown-role behavior; false ⇒ unknown role
contributes nothing (no throw).
actions?
Section titled “actions?”
optionalactions?:boolean
Defined in: src/types/IAccessControlOptions.ts:41
Throw on an unknown action at check time instead of silently returning
granted:false. Default false (an ungranted action denies, it doesn’t
throw). Enable to catch typos — best paired with setup({ actions })
declaring your full vocabulary, so only true typos throw (a declared-but-
ungranted action still returns granted:false). The known set = CRUD ∪
actions present in the grants ∪ declared setup({ actions }) ∪
IPolicy.actions; CRUD verbs are always known.
resources?
Section titled “resources?”
optionalresources?:boolean
Defined in: src/types/IAccessControlOptions.ts:49
Throw on an unknown resource at check time instead of silently returning
granted:false. Default false (an ungranted resource denies, it
doesn’t throw). Enable to catch typos — best paired with setup({ resources })
declaring your vocabulary. Known set = resources present in the grants ∪
declared vocabulary ∪ IPolicy.resources.