I’m trying to implement authorization based on a combination of user roles and projects. If a user has a specific role for a project, then they will be given certain permissions only within the project. I want to be able to add multiple user roles attached to multiple projects for one user.
ID and data would be pulled from a personal database.
- project 1
- project 2
- admin: doesn’t need project assigned, manages multiple projects
- team lead: can access across an entire project
- team member: can only access specific data within a project
One user can be a team lead for project 1, and a team member for project 2.
I’ve seen solutions involving groups, but because of the nature of projects (I want it to be easy for admins to CRUD projects), using groups seems too permanent.
I also considered a solution where I would store role and project combinations into a user’s app metadata:
role: ‘team lead’,
project: ‘project 1’
project: ‘project 2’
Though I am not sure if this is really a viable option. Does anyone have any other ideas as to how I can go about this?
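
The role-and-project model described in the post above, as an added example that is not part of the original post: a deny-by-default check over a list of role/project pairs. The field names (`assignments`, `role`, `project`, `assignedTo`) and the rule that a team member only sees data explicitly assigned to them are assumptions made for illustration.

```javascript
// Added example. Field names and the team-member rule are assumptions.
const GLOBAL_ROLES = new Set(['admin']);                      // no project required
const PROJECT_ROLES = new Set(['team lead', 'team member']);  // must name a project

// Returns true when `user` may access `resource`
// (resource shape assumed: { project: string, assignedTo: [userId, ...] }).
function canAccess(user, resource) {
  const assignments = Array.isArray(user.assignments) ? user.assignments : [];
  for (const entry of assignments) {
    const { role, project } = entry || {};
    if (GLOBAL_ROLES.has(role)) return true;                  // admin: every project
    if (!PROJECT_ROLES.has(role)) continue;                   // unknown role: ignored
    // A project-scoped role without a project never widens to "all projects".
    if (typeof project !== 'string' || project !== resource.project) continue;
    if (role === 'team lead') return true;                    // entire project
    // team member: only data explicitly assigned to them (assumed rule)
    if (Array.isArray(resource.assignedTo) && resource.assignedTo.includes(user.id)) {
      return true;
    }
  }
  return false;                                               // deny by default
}

// Constructed sample data matching the scenario in the post.
const alice = {
  id: 'u1',
  assignments: [
    { role: 'team lead', project: 'project 1' },
    { role: 'team member', project: 'project 2' },
  ],
};
const admin = { id: 'u2', assignments: [{ role: 'admin' }] };
const malformed = { id: 'u3', assignments: [{ role: 'team lead' }] }; // project missing

const docP1 = { project: 'project 1', assignedTo: [] };
const docP2Mine = { project: 'project 2', assignedTo: ['u1'] };
const docP2Other = { project: 'project 2', assignedTo: ['u9'] };
const docP3 = { project: 'project 3', assignedTo: ['u1'] };
```

Because each entry carries its own project, creating or deleting a project only touches the entries that name it, and a malformed entry fails closed instead of granting access everywhere.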