Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

User management help! #983


User avatar
0
hole7 created

Good evening everyone,

I'm working on user management scenario and having trouble when manage users and permissions with tenant.

I haven't had much experience with this stuff, so anyone please give me some advice!

Let's say, I'm a Host admin user (superadmin) and my site has 2 tenants - with two tenant admin user (admin1 and admin2).

So I have some questions for this stuff in the real world.

1/ Is the superadmin should(can) manage all host users and tenant users? 2/ If (1) is not, so, how can we change/set permissions for tenant admin to access some features? 3/ with module zero, could I show all system users if current logged in user is host user but when he/she change permissions for selected user, system can only show the appropriate permissions with editing user? I mean if editing user is another host user system will display host permissions for selecting otherwise if editing user is tenant user, system will only show tenant permissions.

Thanks everyone, Ho Le


4 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    Module Zero (Abp.Zero) provides domain logic. Most of your needs application requirements, all they are possible but I can not explain all in detail, it's detailed.

    1. I thought tenant users should be managed by tenant admin while designing it. But, that's also possible. You can disable IMayHaveTenantFilter and get all users of all tenants. This is exactly documented here: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Zero/User-Management#multi-tenancy">http://www.aspnetboilerplate.com/Pages/ ... ti-tenancy</a> (see TestMethod_3).
    2. UserManager has methods to change permissions. You should first switch to desired tenant (see TestMethod_2) and perform operation on any user.
    3. This is application specific. You can check if a user is host. Also, permission system allows you to define, change and check permissions. So, you can do anything by combining them. I suggest you to check authorization document for it: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Authorization">http://www.aspnetboilerplate.com/Pages/ ... horization</a>
  • User Avatar
    0
    hole7 created

    Hi hikalkan,

    Thanks for your advice.

    Please give me some specific domain business!

    Let's say that I'm gonna follow module-zero designing, so in the user management page we don't show any tenant users, then I need to add one option called "Change admin permissions" to tenant management to modify the permissions for tenant admin user. Am I right?

    Thanks, Ho Le

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    Tenant admin user should have all permissions. Do not remove any permission. Tenant admin can controler tenant's user permissions. If you restrict tenants from some features, use edition & feature system (<a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Feature-Management">http://www.aspnetboilerplate.com/Pages/ ... Management</a>).

  • User Avatar
    0
    hole7 created

    Hi Hikalkan,

    Thanks in advance