Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Role Hierarchy #6786


User avatar
0
northwood created

I am developing a multi-tenant site and each tenant will have 3 roles: SuperUser (admin), CustomerAdmin and User. The idea is that the SuperUser role will be used by IT and have global permissions within the tenant. The CustomerAdmin role will be assigned to designated users at our various customers so they can mange their own users and the User role will just be a basic role to use the site with no admin menu options.

The issue I am having is that if I assign CRUD permissions for the CustomerAdmin group, they can modify users in the SuperUser group. Is there a way to block a certain role for another, or create some sort of hierarchical role system where roles on the lower rungs of the hierarchy cannot modify/view roles and permissions higher up.

Thanks Adam


1 Answer(s)
  • User Avatar
    0
    ryancyq created
    Support Team

    Hi, currently there isn't such logic exists in ANZ.

    You can try creating SuperUser as static role with a predefined name (not displayName). Then, when upating a role, check for current logged in user's permission the role to modify with the static role SuperUser

    If you face any issues, you can post it here and we will try to help.