A few days ago, I published an article that introduced an optimal way to handle permissions in Node.js in its entirety. It's an approach that frees you from hard-coding permissions into arbitrary statements like "Pharmacy can perform this," "if (!Pharmacy) throw error," etc. It's a common concept known as Attribute-Based Access Control (ABAC), which you'll find in advanced systems. This article will address why and how to get this done in NestJS.

NB: We'll be speaking in NestJS language for the sake of this article.

## When RBAC Fails Maintainability

Imagine you have an app with multiple roles — pharmacy, customer, doctor — and you've set up all the necessary role handling. Enough…

```typescript
@Roles(Roles.Pharmacy)
```

And more than enough…

```typescript
@UseGuards(RolesGuard)
```

…across your controllers.…
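
An added example, not code from the original article: a minimal attribute-based check in plain TypeScript (no NestJS dependency), set beside the role-only check it replaces. The types, sample policies and function names (`Subject`, `Prescription`, `can`, `roleOnly`) are hypothetical and the data is constructed.

```typescript
// Hypothetical types for illustration; not from the article or from NestJS.
type Role = "pharmacy" | "customer" | "doctor";
type Action = "read" | "update";

interface Subject { id: string; role: Role; }
interface Prescription { ownerId: string; pharmacyId: string; dispensed: boolean; }

// A policy is data: an action plus a predicate over subject and resource attributes.
interface Policy {
  action: Action;
  when: (s: Subject, r: Prescription) => boolean;
}

// Constructed sample policies. The role is just one attribute among several.
const policies: Policy[] = [
  { action: "read", when: (s, r) => s.role === "customer" && r.ownerId === s.id },
  { action: "read", when: (s, r) => s.role === "pharmacy" && r.pharmacyId === s.id },
  {
    action: "update",
    when: (s, r) => s.role === "pharmacy" && r.pharmacyId === s.id && !r.dispensed,
  },
];

// Default deny: access is granted only when some policy for the action matches.
function can(s: Subject, action: Action, r: Prescription): boolean {
  return policies.some((p) => p.action === action && p.when(s, r));
}

// The role-only decision, for comparison: it never looks at the resource.
function roleOnly(s: Subject, allowed: Role[]): boolean {
  return allowed.indexOf(s.role) !== -1;
}

// Constructed sample data.
const rx: Prescription = { ownerId: "c1", pharmacyId: "p1", dispensed: false };
const ownPharmacy: Subject = { id: "p1", role: "pharmacy" };
const otherPharmacy: Subject = { id: "p2", role: "pharmacy" };

console.log("role-only, other pharmacy:", roleOnly(otherPharmacy, ["pharmacy"]));
console.log("ABAC, other pharmacy:", can(otherPharmacy, "update", rx));
console.log("ABAC, own pharmacy:", can(ownPharmacy, "update", rx));
```

The role-only check passes for any pharmacy account, while the attribute check also requires that the prescription belongs to that pharmacy and has not been dispensed.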