I’m curious how to exploit an RBAC feature for a “permissions inheritance” case, i.e. set the maximal permissions on a user group level, and override it on a user basis on-demand. For example, there are three groups of users (three customers in B2B model), where:
- all users from the first group have Permission.A, Permission.B and Permission.C
- all users from the second group have Permission.A and Permission.D
- users from the third group by default have only Permission.D Some users from this group have extra Permission.E but do not have Permission.A
An organization’s feature could be an option here, but group permissions management are not supported out of the box and inheritance should be implemented separately. It could be Actions using Organization metadata or 3-rd party service. It does not look like an elegant solution. Your recommendations here?