Good evening everyone,
I'm working on user management scenario and having trouble when manage users and permissions with tenant.
I haven't had much experience with this stuff, so anyone please give me some advice!
Let's say, I'm a Host admin user (superadmin) and my site has 2 tenants - with two tenant admin user (admin1 and admin2).
So I have some questions for this stuff in the real world.
1/ Is the superadmin should(can) manage all host users and tenant users? 2/ If (1) is not, so, how can we change/set permissions for tenant admin to access some features? 3/ with module zero, could I show all system users if current logged in user is host user but when he/she change permissions for selected user, system can only show the appropriate permissions with editing user? I mean if editing user is another host user system will display host permissions for selecting otherwise if editing user is tenant user, system will only show tenant permissions.
Thanks everyone, Ho Le
4 Answer(s)
-
0
Hi,
Module Zero (Abp.Zero) provides domain logic. Most of your needs application requirements, all they are possible but I can not explain all in detail, it's detailed.
- I thought tenant users should be managed by tenant admin while designing it. But, that's also possible. You can disable IMayHaveTenantFilter and get all users of all tenants. This is exactly documented here: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/User-Management#multi-tenancy">http://www.aspnetboilerplate.com/Pages/ ... ti-tenancy</a> (see TestMethod_3).
- UserManager has methods to change permissions. You should first switch to desired tenant (see TestMethod_2) and perform operation on any user.
- This is application specific. You can check if a user is host. Also, permission system allows you to define, change and check permissions. So, you can do anything by combining them. I suggest you to check authorization document for it: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a>
-
0
Hi hikalkan,
Thanks for your advice.
Please give me some specific domain business!
Let's say that I'm gonna follow module-zero designing, so in the user management page we don't show any tenant users, then I need to add one option called "Change admin permissions" to tenant management to modify the permissions for tenant admin user. Am I right?
Thanks, Ho Le
-
0
Hi,
Tenant admin user should have all permissions. Do not remove any permission. Tenant admin can controler tenant's user permissions. If you restrict tenants from some features, use edition & feature system (<a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Feature-Management">http://www.aspnetboilerplate.com/Pages/ ... Management</a>).
-
0
Hi Hikalkan,
Thanks in advance