# Basic start in how to use rabac as BE Create all the necessary stuff in rabac: 1. ask for user engineer to add your role as admin rabac in `rg_rabac` database `user_roles` table 2. get the postman API collection with `rogu postman subcribe rg-rabac` 3. read rabac documentation to help better understand how it works https://ruanggguru.atlassian.net/wiki/spaces/SD/pages/71761950/RG+Role-Based+Access+Control+RBAC 4. get token for accessing the API (need accessToken, can get it from `rg-auth`.. can also be done by login to ruangguru web, get token from cookie) 5. create tenant 6. create permission for tenant 7. create role for tenant 8. assign permission to tenant 9. assign the role to user (use rg `uoc`) note: - how to get `serial` for `permission/role`? use API for getRoles and getPermissions - how to get find`fullMethod` in permission?? for `grpc` we can find it on `protoName.pb.morse` example: ```go type fullMethods struct { DiffCheck string } // FMs is variable definition of existing full methods // to simplify get full method of existed gRPC methods var FMs = fullMethods{ DiffCheck: "/graderPlagiarismViewer.graderPlagiarismViewer/DiffCheck", } ``` Integrate with the service: 1. can read example from here https://github.com/ruang-guru/source/blob/main/skillacademy-notification/main.go note: - now the service will check if role in `accessToken` is allowed to access the endpoint by checking in: - service proto `allowed role` - Check if user `uoc` has role that has permission to access the specified endpoint (check table `user_roles` -> `roles` -> `permissions`) - the service has permission to access the endpoint (check table `permissions`)