
Role-Permission Templating #10538


SelfSwapAdmin created

ASP.NET Zero 10.2 Angular 10/.NET Core 5

I am building a multi-tenant SAAS. A "SiteAdmin" (No tenant) will have access to everything including custom app lookup tables etc which span tenancy.

Users will be able to self-subscribe to a free subscription level which would grant them a TenantAdmin role that has limited admin scope (like adding additional users within the tenancy) and also a StandardUser role which gives access to the free functionality.

When a subscription is upgraded to a paid version, or the SiteAdmin grants access to a feature set, an additional role or roles would be assigned to the set of tenant users in a tenancy.

Is there a recommended approach to templating these role-permission sets so that they can be easily added?


5 Answer(s)
  • musa.demir created

    Hi @SelfSwapAdmin, AspNet Zero does not support user based subscription. But you can create a tenant for every user that subscribes, then remove the tenant's user management role so that they cannot add new users to the system.

  • SelfSwapAdmin created

    Could you please elaborate on what you mean by "AspNet Zero does not support user based subscription"? That sounds bad somehow and I would like to understand better what you are saying. Thank you.

  • ismcagdas created
    Support Team

    Hi @SelfSwapAdmin

    Roles are basically sets of permissions. By default, when a user (Tenant) upgrades to a higher package, only the tenant's Edition is changed. In your case, you need to manually assign a new role to users in a tenant with a specific role. There is no automatic way of doing this in AspNet Zero. So, you should do it manually when the upgrade has succeeded.

  • SelfSwapAdmin created

    Thank you. I really appreciate the clarification. I'm really short on time. I have a lot of experience with custom RBACs but need to understand how Zero works and what its limits are.

    Does the subscribed edition therefore enable access to additional features via the "Discriminator" field then? And those associated permissions would need to be assigned to an existing or new role granted to the subscribed user?

    Would these essentially be additive to the pre-existing permissions? If we wanted to create several levels of subscriptions like Gold, Platinum and Diamond, right now would we have to duplicate the permissions of Gold into Platinum's Discriminator, and Platinum's permissions into Diamond's?

    Is "RolePermissionSetting" a magic word that is not filtered by an Edition? Or am I missing something?

    To me it looks like I need to build a mapping apparatus used to assign designated permission-sets to roles which our enrollment and subscription upgrade will automatically assign. Basically it will list the permissions for each possible role and create them, if they do not already exist. Upon downgrade it could be used to remove (clean up) the Permissions table, and be used to sync up version upgrades if we add new permissions into an existing role. Does any of this make sense?

    In the longer term I might repurpose that Discriminator column, if I understand it correctly, to reference a cross-reference table that maps out a non-duplicated set of role-permission assignments. Again, make any sense to you?

    Thank you!!

  • ismcagdas created
    Support Team

    Hi,

    Actually Editions and Permissions are two separate concepts in AspNet Zero. Editions are groups of Features, see https://aspnetboilerplate.com/Pages/Documents/Feature-Management. So, an Edition (set of features) is assigned to a Tenant and that specific Tenant will have access to all Features on that Edition.

    On the other hand, Roles are groups of permissions and Roles are assigned to users.

    When you want to restrict functionality for a Tenant, you need to use Editions and Features. When you want to restrict functionality for a User, you need to use Roles and Permissions.

    Maybe, in your case, using Editions will be a better choice. In your scenario, the subscriber user is similar to Tenant admin user.
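
The role-permission mapping discussed in this thread, sketched as an added example; it is not code from any participant or from ASP.NET Zero. The tier names, permission strings and the `Inherits` link are hypothetical, and the inheritance chain is one possible way to avoid copying Gold's permissions into Platinum and Diamond. Applying the resulting plan through the framework's role management is not shown.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// All tier names and permission strings below are constructed for illustration.
public sealed record RoleTemplate(string Role, string? Inherits, string[] Permissions);

public static class RoleTemplates
{
    static readonly Dictionary<string, RoleTemplate> Templates = new[]
    {
        new RoleTemplate("StandardUser", null, new[] { "App.Free" }),
        new RoleTemplate("Gold", "StandardUser", new[] { "App.Reports" }),
        new RoleTemplate("Platinum", "Gold", new[] { "App.Export" }),
        new RoleTemplate("Diamond", "Platinum", new[] { "App.Api" }),
    }.ToDictionary(t => t.Role);

    // Effective set = own permissions plus everything up the Inherits chain,
    // so Gold's list is never copied into Platinum or Diamond.
    public static HashSet<string> Resolve(string role)
    {
        var result = new HashSet<string>();
        var seen = new HashSet<string>();
        for (string? r = role; r != null; r = Templates[r].Inherits)
        {
            if (!seen.Add(r)) throw new InvalidOperationException($"Inheritance cycle at {r}");
            result.UnionWith(Templates[r].Permissions); // unknown role throws KeyNotFoundException
        }
        return result;
    }

    // Diff the template against the role's current grants. Revoking the surplus
    // is what stops a downgrade from leaving paid permissions behind.
    public static (string[] Grant, string[] Revoke) Plan(string role, IEnumerable<string> current)
    {
        var want = Resolve(role);
        var have = new HashSet<string>(current);
        return (want.Except(have).OrderBy(p => p).ToArray(),
                have.Except(want).OrderBy(p => p).ToArray());
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed state: a role still holding Diamond grants after a downgrade to Gold.
        var (grant, revoke) = RoleTemplates.Plan("Gold", new[] { "App.Free", "App.Reports", "App.Export", "App.Api" });
        Console.WriteLine($"grant: [{string.Join(", ", grant)}]  revoke: [{string.Join(", ", revoke)}]");
    }
}
```

Running the same plan on every upgrade, downgrade and release keeps each role at exactly its template's permissions, which also covers the case of new permissions being added to an existing role.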