I am developing a multi-tenant site and each tenant will have 3 roles: SuperUser (admin), CustomerAdmin and User. The idea is that the SuperUser role will be used by IT and have global permissions within the tenant. The CustomerAdmin role will be assigned to designated users at our various customers so they can mange their own users and the User role will just be a basic role to use the site with no admin menu options.
The issue I am having is that if I assign CRUD permissions for the CustomerAdmin group, they can modify users in the SuperUser group. Is there a way to block a certain role for another, or create some sort of hierarchical role system where roles on the lower rungs of the hierarchy cannot modify/view roles and permissions higher up.
Thanks Adam
1 Answer(s)
-
0
Hi, currently there isn't such logic exists in ANZ.
You can try creating
SuperUseras static role with a predefinedname(notdisplayName). Then, when upating a role, check for current logged in user's permission the role to modify with the static roleSuperUserIf you face any issues, you can post it here and we will try to help.
