Multiple roles and multiple groups for a user

technical · July 17, 2019, 8:38am

Hi!

I am working on a specific group organization because of a client request.
I read: Set Up Users in Authorization Extension Dashboard

We are currently using Auth0 Authorization extension with one group and one role per user.

My new use case is the following:

Companies can sign up on the application.
Each company can create subsidiaries.
Each user can be assigned to multiple companies and/or subsidiaries with at each time a specific role.

Example :
Companies : COMP1, COMP2
COMP1 has three subsidiaries : SUB11, SUB12, SUB13
A user USER1 is an administrator of COMP2, and a viewer of the subsidiary SUB12

The only solution I found reading docs is to create for each company or subsidiary role named groups (ADMINS GROUP, EDITORS GROUP) and assign a role to it.
So :
COMP1
> ADMINS
> EDITORS
> VIEWERS
> SUB11
>> ADMINS
>> EDITORS
>> VIEWERS
> SUB12
>> ADMINS
>> EDITORS
>> VIEWERS (USER1 belong to this group)
COMP2
> ADMINS (USER1 belong to this group)
> EDITORS
> VIEWERS

Is there another solution?

Kind regards,
Romain

mathiasconradt · July 17, 2019, 8:58am

I would say, this is correct. Since there is no way to define which specific role (admin, editor, viewer) a user has within each group but the roles are assigned to the user globally, your approach is the way to go (using subgroups).
Or alternatively, creating roles like “COMP1-Admin”, “COMP1-Editor”, but I think the approach with subgroups makes more sense here.

technical · July 17, 2019, 9:09am

Thank you for your quick answer.
I also though about the idea of creating roles like “COMP1-Admin”, “COMP1-Editor”, … But I think it it not a good approach as I do not allow admins to change permissions.
Do you know if the new rbac group system will allow my use case?