
Various role management scenarios #11926


flaskone created

Is it possible to prepare such a scenario and is it a good direction:

User logged in as the host:

  • creates roles for Tenants,
  • assigns permissions to roles,
  • can see all roles for all tenants, edit, delete, etc.,

User logged in within a particular tenant:

  • can see only roles
  • (admin of tenant) can assign a user to roles (roles should work additively: if the user has 2 roles, it is enough that some permission is granted in only one of them)

5 Answer(s)
  • ismcagdas created
    Support Team

    Hi @flaskone

    If I understand correctly, AspNet Zero supports this scenario out of the box.

    is it a good direction

    This depends on your needs.

  • flaskone created

    Can this be done in the settings or does it need to be programmed? If coding, how do you approach it? Are there any tips?

  • ismcagdas created
    Support Team

    Hi,

    Maybe I couldn't understand the question properly. If I understand correctly, these can be done via the UI by opening the roles page, granting specific permissions to roles, and assigning these roles to specific users.

  • flaskone created

    We would like to give tenants only a limited option to manage permissions / roles. As part of the process, we have very granular permissions created in the solution, while only a very limited part should be available for the tenant to manage.

    That is why we considered denying tenants access to manage permissions and letting them manage only some selected set of roles (whose role configuration would remain on the host level), but as far as we understand, assigning permissions to roles for particular tenants cannot be managed centrally on the host level (could you please confirm?).

    So the scenario would be as follows:

      • Host user can predefine and configure roles that could be used on the tenant level.
      • Tenant user can assign a role to particular users but cannot see / edit granular permissions.

    Or alternatively, can we somehow filter the list of permissions available for the tenant to configure, to avoid confusion?

  • ismcagdas created
    Support Team

    Hi,

    Thanks, got it now. So, when a host user uses impersonation and logs in as a tenant user, then this user will have no limitation. But, if a tenant user logs in directly, there will be limitations.

    I think you can check AbpSession.ImpersonatorTenantId and adjust your logic depending on this value on the roles page and the roles permissions modal.

    You also need to modify the user permissions modal as well.
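
The approach from the last answer, as an added example that is not part of the original thread and is not AspNet Zero's own code: it filters what the roles page and permissions modals list, and repeats the check on the save path, since hiding entries in a modal does not stop a crafted request. The `Session` record is a stand-in for the `TenantId`, `ImpersonatorUserId` and `ImpersonatorTenantId` values of `AbpSession`; the permission names, the allow-list and the class names are hypothetical. It assumes `ImpersonatorTenantId` is null both when there is no impersonation and when the impersonator is a host user, so it is read together with `ImpersonatorUserId`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in for the values read from AbpSession (assumption: same meaning as there).
public record Session(int? TenantId, long? ImpersonatorUserId, int? ImpersonatorTenantId);

public static class TenantRolePolicy
{
    // Hypothetical allow-list: the only permissions a tenant admin may grant or revoke.
    static readonly HashSet<string> TenantManageable = new() { "Pages.Orders", "Pages.Orders.Create" };

    // True for a host user, or a host user impersonating a tenant user.
    // A null ImpersonatorTenantId alone does not prove host impersonation.
    public static bool IsHostOperator(Session s) =>
        s.TenantId == null || (s.ImpersonatorUserId.HasValue && s.ImpersonatorTenantId == null);

    // What the roles page and the role/user permissions modals should list.
    public static List<string> Visible(Session s, IEnumerable<string> all) =>
        all.Where(p => IsHostOperator(s) || TenantManageable.Contains(p)).ToList();

    // Server-side check on save: reject any change to a permission outside the allow-list.
    public static void EnsureCanSave(Session s, ISet<string> current, ISet<string> requested)
    {
        if (IsHostOperator(s)) return;
        var denied = current.Union(requested)
            .Where(p => current.Contains(p) != requested.Contains(p) && !TenantManageable.Contains(p))
            .ToList();
        if (denied.Count > 0)
            throw new UnauthorizedAccessException("Not tenant-manageable: " + string.Join(", ", denied));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data.
        var all = new[] { "Pages.Orders", "Pages.Orders.Create", "Pages.Billing.Configure" };
        var direct = new Session(TenantId: 5, ImpersonatorUserId: null, ImpersonatorTenantId: null);
        var viaHost = new Session(TenantId: 5, ImpersonatorUserId: 1, ImpersonatorTenantId: null);
        Console.WriteLine(string.Join(", ", TenantRolePolicy.Visible(direct, all)));   // allow-listed only
        Console.WriteLine(string.Join(", ", TenantRolePolicy.Visible(viaHost, all)));  // everything
        var current = new HashSet<string> { "Pages.Orders" };
        var requested = new HashSet<string> { "Pages.Orders", "Pages.Billing.Configure" };
        try { TenantRolePolicy.EnsureCanSave(direct, current, requested); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```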