0D51Y000063GKxxSAG | Okta Classic Engine | Administration | Answered | 2019-03-25T09:46:09.000Z | 2019-03-15T19:31:55.000Z | 2019-03-25T09:46:09.000Z

RajasekaranP.75071 (Customer) asked a question.

API Authorization and Fine grained access control using Okta

Hi,

 

I am evaluating Okta for securing our web applications. I am curious to know how fine-grained access control can be implemented on the API endpoints and on the presentation layer using Okta authorization.

 

Below is a sample use case and the access control matrix:

 

User     Group                   Permissions (Fine grained)
===========================================================
Bob      Inventory Management    Inventory.Read
-----------------------------------------------------------
Tim      Inventory Management    Inventory.Read
                                 Inventory.Write
                                 Inventory.Delete
-----------------------------------------------------------
Andrew   Procurement
         Inventory Management    Inventory.Read
-----------------------------------------------------------
John     Stores
         Inventory Management    Inventory.Read
-----------------------------------------------------------

 

And below are the application API endpoints:

 

Endpoint                               Http Verb     MethodName
http://localhost/InventoryItems        HttpGet       GetAllInventoryItems
http://localhost/InventoryItems        HttpPost      AddInventoryItems
http://localhost/InventoryItems/1001   HttpDelete    DeleteInventoryItem

 

To get all inventory items, the user should have the Inventory.Read permission.

To add a new inventory item, the user should have the Inventory.Write permission.

To delete an inventory item, the user should have the Inventory.Delete permission.

 

Is this something that can be achieved with Okta authorization?

If yes, how can I define those permissions, and how can they be associated with a user or groups?

Does Okta have an interface to manage these fine-grained permissions for a user?

 

Thanks,

Raj


This question is closed.
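
The access matrix and endpoint rules from the question, written as a deny-by-default check that an API could run once an access token has been validated (an added example, not part of the original post and not Okta's API). It assumes the token's claims are already verified and decoded into a dict, and that per-user permissions arrive in a hypothetical `permissions` claim; group membership alone cannot carry them, because Bob and Tim share a group in the matrix but hold different permissions.

```python
import re

# (HTTP verb, path pattern, required permission), taken from the question's endpoint list.
ROUTE_PERMISSIONS = [
    ("GET", re.compile(r"/InventoryItems"), "Inventory.Read"),
    ("POST", re.compile(r"/InventoryItems"), "Inventory.Write"),
    ("DELETE", re.compile(r"/InventoryItems/\d+"), "Inventory.Delete"),
]

# Constructed sample claims mirroring the question's access control matrix.
# "permissions" is a hypothetical claim name, not a standard or Okta-defined one.
SAMPLE_CLAIMS = {
    "Bob": {"groups": ["Inventory Management"], "permissions": ["Inventory.Read"]},
    "Tim": {"groups": ["Inventory Management"],
            "permissions": ["Inventory.Read", "Inventory.Write", "Inventory.Delete"]},
    "Andrew": {"groups": ["Procurement", "Inventory Management"],
               "permissions": ["Inventory.Read"]},
    "John": {"groups": ["Stores", "Inventory Management"],
             "permissions": ["Inventory.Read"]},
}


def required_permission(method, path):
    """Return the permission a route needs, or None if the route is not listed."""
    for verb, pattern, permission in ROUTE_PERMISSIONS:
        if verb == method.upper() and pattern.fullmatch(path):
            return permission
    return None


def is_authorized(claims, method, path):
    """Deny by default: unknown routes and missing or malformed claims are refused."""
    needed = required_permission(method, path)
    if needed is None:
        return False
    granted = claims.get("permissions")
    # Require a list: with a plain string, `in` would do substring matching.
    if not isinstance(granted, list):
        return False
    return needed in granted


def decision_matrix():
    """Evaluate every sample user against the three endpoints from the question."""
    requests = [("GET", "/InventoryItems"), ("POST", "/InventoryItems"),
                ("DELETE", "/InventoryItems/1001")]
    return {user: [is_authorized(claims, m, p) for m, p in requests]
            for user, claims in SAMPLE_CLAIMS.items()}
```

The same route table can drive the presentation layer (hiding the add and delete controls), but the server-side check is the one that enforces access.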