Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Permission inheritance from role #726


User avatar
0
noah created

It appears that in ABP authorization, if a user is a member of a role that is granted permission X, but doesn't have permission X granted directly on his user record, that the result is to deny X.

Is this correct? Shouldn't a user automatically inherit all the permissions for his assigned role(s)? In particular, if I later add a new new permission to a role, I would expect all the role members to be granted that permission. This doesn't seem to be the case now.


2 Answer(s)
  • User Avatar
    0
    noah created

    After some further testing I notice that user permission inheritance from role does seem to work for users I create but is broken for the built-in "admin" account where I first noticed the unexpected behavior.

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    I works a you expected. I could not repeat the problem. For simple test;

    • I created a demo from aspnetzero.com
    • Logged in, go to roles page
    • Edit Admin role and removed a permission (for example, audit log page).
    • Refresh the page and see that audit log page is removed from menu.
    • Re-edit Admin role and added audit log page.
    • Refresh the page and see that audit log page is in the menu.

    Maybe you did not refresh the page (for SPA, it's needed since client caches permissions).