Proposal #1: Multiple Roles per User and separation between Permissions and Access Scopes
This design tries to address two of the missing features of the current implementation:
- Multiple Roles per User
- Separation between Access Scopes (Organization, Facility, Workspace, Room) and Permissions
Multiple Roles per User
Allowing a User to have more than 1 Role give us the possibility to define very specific Roles and then compose them in different ways to create different logical roles. This composition of Roles also makes possible to reuse already defined Roles simplifying their configuration.
In the application, when a permission needs to be enforced, the group of all the Permissions from all the Roles the User has is used.
Add Comment